Windows Analysis Report
Setup (1).exe

Overview

General Information

Sample name: Setup (1).exe
Analysis ID: 1386890
MD5: ec427b1bf867dc6fdfdfc2b5219f44de
SHA1: d23dfcbd02089bc6f13db8dd4cf1f9c5a085d275
SHA256: 9b1d8b1bafd4f496de3e996dc6778ff0c75f37f2e5eaa5a60049d7c8338e7ef5

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Contains functionality to check if the process is started with administrator privileges
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Found stalling execution ending in API Sleep call
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Very long command line found
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Setup (1).exe (PID: 7068 cmdline: C:\Users\user\Desktop\Setup (1).exe MD5: EC427B1BF867DC6FDFDFC2B5219F44DE)
    • chrome.exe (PID: 592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 2024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,11089183741404647091,17360346966721708215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • SetupEngine.exe (PID: 8096 cmdline: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" MD5: 6ADC1C797360ABEE521CAC2019130184)
      • cmd.exe (PID: 8176 cmdline: cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • diskspd.exe (PID: 740 cmdline: C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp MD5: FC41CABDD3C18079985AC5F648F58A90)
      • SetupResources.exe (PID: 7632 cmdline: C:\Users\user\AppData\Local\Temp\SetupResources.exe MD5: 884E1463B4CB20B28C3A80960E02AC2D)
      • chrome.exe (PID: 5412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid= MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 7912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1980,i,18441206573575363989,16074251699852785128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • fast!.exe (PID: 7204 cmdline: C:\Program Files (x86)\Fast!\Fast!.exe MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB)
  • svchost.exe (PID: 1692 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • FastSRV.exe (PID: 5324 cmdline: C:\Program Files (x86)\Fast!\FastSRV.exe MD5: B8AF4E4DFAB89560361DDB94353E7E06)
    • fast!.exe (PID: 7868 cmdline: C:\Program Files (x86)\fast!\fast!.exe MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB)
      • nw.exe (PID: 5472 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\. MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 7568 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 5444 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --service-pipe-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,
15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --renderer-client-id=2 --mojo-platform-channel-handle=2340 /prefetch:1 MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 7864 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=143610A8428963D92794C8A7F12585F7 --mojo-platform-channel-handle=2932 /prefetch:2 MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 6880 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=3CCEF8E9E7D4F212DACB2716CD2DD08A --mojo-platform-channel-handle=2904 /prefetch:8 MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 7008 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=B8E23F7305B463E8EB7E1F3EC3CAABAD --mojo-platform-channel-handle=2900 /prefetch:8 MD5: 4D9F9AE313447C1A616574E185697E3C)
    • fast!.exe (PID: 7908 cmdline: C:\Program Files (x86)\fast!\fast!.exe MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB)
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\SetupEngine.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\SetupEngine.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\SetupEngine.exe, ParentCommandLine: C:\Users\user\Desktop\Setup (1).exe, ParentImage: C:\Users\user\Desktop\Setup (1).exe, ParentProcessId: 7068, ParentProcessName: Setup (1).exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" , ProcessId: 8096, ProcessName: SetupEngine.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1692, ProcessName: svchost.exe
No Snort rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\SetupEngine[1].exeReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\Setup (1).exeEXE: C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exeJump to behavior
Source: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019HTTP Parser: No favicon
Source: https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=HTTP Parser: No favicon

Compliance

Source: C:\Users\user\Desktop\Setup (1).exeEXE: C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exeJump to behavior
Source: Setup (1).exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49740 version: TLS 1.0
Source: Setup (1).exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 89.187.173.22:443 -> 192.168.2.9:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.67.65.20:443 -> 192.168.2.9:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.9:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.9:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49754 version: TLS 1.2
Source: Binary string: $E:\build\nw26_win32\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000015.00000002.3240442579.0000000066FE2000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: E:\build\nw26_win32\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000015.00000002.3215313071.0000000000746000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: E:\build\nw26_win32\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000015.00000002.3240442579.0000000066FE2000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 0000000E.00000000.1862343821.000000000019E000.00000002.00000001.01000000.00000014.sdmp, FastSRV.exe, 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 0000000F.00000000.1864826004.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000002.1879032244.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000000.1876323112.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdbGCTL source: diskspd.exe, 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdbs source: fast!.exe, 0000000F.00000000.1864826004.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000002.1879032244.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000000.1876323112.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: z:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: x:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: v:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: t:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: r:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: p:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: n:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: l:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: j:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: h:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: f:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: b:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: y:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: w:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: u:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: s:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: q:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: o:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: m:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: k:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: i:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: g:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: e:
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile opened: c:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: a:
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054C6
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00405E9C FindFirstFileA,FindClose,0_2_00405E9C
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405C49
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00406873 FindFirstFileW,FindClose,8_2_00406873
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040290B FindFirstFileW,8_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 12_2_00402654 FindFirstFileA,12_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 12_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,12_2_004054C6
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 12_2_00405E9C FindFirstFileA,FindClose,12_2_00405E9C
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00196CAD FindFirstFileExW,14_2_00196CAD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_0093E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,15_2_0093E91D
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_0093E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,18_2_0093E91D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00457210 FindFirstFileExW,FindNextFileW,FindClose,GetFileAttributesW,PathMatchSpecW,21_2_00457210
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 37.19.206.5 37.19.206.5
Source: Joe Sandbox ViewIP Address: 89.187.173.22 89.187.173.22
Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownHTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49740 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 192.124.249.23
Source: unknownTCP traffic detected without corresponding DNS query: 192.124.249.22
Source: unknownTCP traffic detected without corresponding DNS query: 23.40.205.18
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&evt_src=installer&evt_action=mini_start&version=&defaultbrowser=default HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /src/main_code.js?t=20171020 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1707145843767&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.0.0%20Safari/537.36 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /download.php?engine=1&guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /assets/plugins/jquery-3.5.1.min.js HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /images/fast.png HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /download/2.305/SetupEngine.exe HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Connection: Keep-AliveCache-Control: no-cacheHost: repcdn.veryfast.io
Source: global trafficHTTP traffic detected: GET /pcapp/images/fast.png HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://veryfast.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/fast.png HTTP/1.1Host: repository.pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: veryfast.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /download/SetupResources.exe HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: d1uyoz7mfvzv4e.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MbwS1Ykxbhl75RS&MD=XODwZGn4 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=start&channelId= HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=installing HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /register.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&ch=&version=2.305&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid= HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /src/initiate.js HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /src/main.js?t=20171020 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707145843760178
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=done HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://veryfast.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cpg.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MbwS1Ykxbhl75RS&MD=XODwZGn4 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000005B80EA71B9 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: unknownDNS traffic detected: queries for: veryfast.io
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=k9tT3q7Yfh1nx_FSl06F5UE_vdaFQreiGKe1aDN83MeveD7PL1RZXva4s-nFc9waQi9LtKavuTIba8MUkoGu58E8E81gwB_TWJ4Ng-LfCvzhem7rNrhZQ2aGvJZ9g2TYhqx2W2O4E7uHQzPk3vuLvMLxFXZsqE6NdAViQDECGpo
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AuthSubRevokeToken
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ClientLogin
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetUserInfo
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/IssueAuthToken
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/IssueAuthToken~
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthGetAccessToken
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthGetAccessTokeng
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthWrapBridge
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthWrapBridgeB
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLoginAuth
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/TokenAuth
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/TokenAuthNL
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/YL
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenud9ca-
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chromeos
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chromeosY
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth/GetOAuthToken/
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/iframerpc
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/programmatic_auth
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.chromium.org/p/monorail/issues/detail?id=1488
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=12519.
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=28885
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=63367
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_file/
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://chrome.google.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: nw.exe, 00000015.00000002.3227873986.0000000008320000.00000002.00000001.00040000.00000025.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/download/
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235993069.000000000C331000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: nw.exe, 00000015.00000002.3235993069.000000000C2D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB(
Source: nw.exe, 00000015.00000002.3237003883.000000000C963000.00000002.00000001.00040000.00000033.sdmp, nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235993069.000000000C331000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB/o:(
Source: nw.exe, 00000015.00000002.3235993069.000000000C331000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3227873986.0000000008320000.00000002.00000001.00040000.00000025.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBChrome
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBZG
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBb
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBh
Source: nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoretml17df
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.googleusercontent.com/crx/blobs/
Source: nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.googleusercontent.com/crx/blobs/7df
Source: nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev/event
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev/experimentstatus
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/devpagek
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=162042
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=162044
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/entry
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://codereview.chromium.org/25305002).
Source: nw.exe, nw.exe, 00000015.00000002.3215313071.00000000006F3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000015.00000000.1884208099.00000000006F3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: nw.exe, nw.exe, 00000015.00000002.3215313071.00000000006F3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000015.00000000.1884208099.00000000006F3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000015.00000002.3215313071.00000000006F3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000015.00000000.1884208099.00000000006F3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/444752.
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/5448190).
Source: nw.exe, 00000015.00000002.3228808455.00000000089A0000.00000002.00000001.00040000.00000028.sdmp, nw.exe, 00000015.00000002.3229013268.0000000008A60000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://crbug.com/593166
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/701034
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/740629)
Source: nw.exe, 00000015.00000002.3236194245.000000000C3C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/aviator/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/aviator/Y
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/icarus/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/pilot/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/rocketeer/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/rocketeer/r
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/skydiver/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/skydiver/locking
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.izenpe.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.startssl.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.startssl.com/H
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.ws.symantec.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct1.digicert-ct.com/log/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct2.digicert-ct.com/log/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctlog-gen2.api.venafi.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctlog.api.venafi.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctlog.wosign.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctserver.cnnic.cn/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctserver.cnnic.cn/R
Source: Setup (1).exe, 00000000.00000002.1890836719.0000000004760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/
Source: Setup (1).exe, 00000000.00000002.1890836719.0000000004760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/Uj
Source: Setup (1).exe, 00000000.00000003.1888494542.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889174555.000000000046E000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.1878202859.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/download/SetupResources.exe
Source: Setup (1).exe, 00000000.00000002.1889174555.000000000046E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/download/SetupResources.exeSStore
Source: Setup (1).exe, 00000000.00000003.1888238860.000000000050F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889271087.000000000050F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/download/SetupResources.exej
Source: nw.exe, 00000015.00000002.3221875769.000000000718C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datasaver.googleapis.com/v1/clientConfigs?alt=proto
Source: nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics?alt=proto
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.keyCode#Value_of_keyCode
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Flexible_boxes)
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en/DOM/document.
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en/DOM/element.addEventListener
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://elements.polymer-project.org/guides/flex-layout)
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: svchost.exe, 00000004.00000003.1419613515.0000012B282E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
Source: svchost.exe, 00000004.00000003.1419613515.0000012B282B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C:
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-a11y-keys-behavior/blob/master/demo/x-key-aware.html)
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-flex-layout/blob/master/iron-flex-layout.html).
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-flex-layout/tree/master/classes)
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-flex-layout/tree/master/iron-flex-layout-classes.html).
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/104.
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/544
Source: nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/v8/v8/wiki/Stack%20Trace%20API.
Source: nw.exe, 00000015.00000002.3227873986.0000000008320000.00000002.00000001.00040000.00000025.sdmpString found in binary or memory: https://history.google.com/history/audio
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://log.certly.io/
Source: nw.exe, 00000015.00000002.3221875769.000000000718C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mammoth.ct.comodo.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mammoth.ct.comodo.com/xZ
Source: nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://poly-icon.appspot.com/)
Source: Setup (1).exe, 00000000.00000003.1888238860.000000000050F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889271087.000000000050F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1890836719.000000000476C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/
Source: Setup (1).exe, 00000000.00000003.1888238860.000000000050F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889271087.000000000050F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/%
Source: Setup (1).exe, 00000000.00000002.1889271087.000000000050F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.305/SetupEngine.exe
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sabre.ct.comodo.com/
Source: nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sirius.ws.symantec.com/
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divxtime
Source: nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3221875769.000000000718C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf=/
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C3C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: nw.exe, 00000015.00000002.3221875769.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_realP
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwaveI
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwavem_;O
Source: nw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: nw.exe, 00000015.00000002.3227873986.0000000008320000.00000002.00000001.00040000.00000025.sdmpString found in binary or memory: https://support.google.com/chrome/?p=sync_history&hl=en-GB
Source: nw.exe, 00000015.00000002.3227873986.0000000008320000.00000002.00000001.00040000.00000025.sdmpString found in binary or memory: https://support.google.com/chrome/?p=ui_supervised_users&hl=en-GB
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.187.173.22:443 -> 192.168.2.9:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.67.65.20:443 -> 192.168.2.9:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.9:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.9:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.9:49754 version: TLS 1.2
Source: C:\Users\user\Desktop\Setup (1).exe Code function: 0_2_00404FCB GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 15_2_00932BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 15_2_0095A85F MessageBeep,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,GetKeyState,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,MessageBeep
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 18_2_0095A85F MessageBeep,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,GetKeyState,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,MessageBeep

System Summary

Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process created: Commandline size = 2221
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_002C1446 NtQuerySystemInformation,NtQuerySystemInformation
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 15_2_00932BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_002C1250: CreateEventA,GetLastError,DeviceIoControl,GetLastError,GetOverlappedResult,GetLastError,CloseHandle
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 14_2_00191260 WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetTokenInformation,GetLastError,GetLastError,wsprintfW,wsprintfW,DuplicateTokenEx,wsprintfW,wsprintfW,ConvertStringSidToSidW,wsprintfW,GetLengthSid,SetTokenInformation,wsprintfW,CloseHandle,wsprintfW,CreateProcessAsUserW,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,CloseHandle,CloseHandle,GetLastError,wsprintfW
Source: C:\Users\user\Desktop\Setup (1).exe Code function: 0_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Code function: 8_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Code function: 12_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F0CD0021_2_66F0CD00
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F0DAC021_2_66F0DAC0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F0EA9021_2_66F0EA90
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F00A8921_2_66F00A89
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F09A7021_2_66F09A70
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F07A5021_2_66F07A50
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F8B8E821_2_66F8B8E8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F0A8EC21_2_66F0A8EC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF18F021_2_66EF18F0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EFF85921_2_66EFF859
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F089F021_2_66F089F0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F0695021_2_66F06950
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F8E91521_2_66F8E915
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_6817230021_2_68172300
Source: C:\Users\user\Desktop\Setup (1).exe
Section loaded: apphelp.dll, uxtheme.dll, userenv.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, wbemcomn.dll, amsi.dll, profapi.dll, wininet.dll, iertutil.dll, sspicli.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, windows.shell.servicehostbuilder.dll, onecoreuapcommonproxystub.dll, ieframe.dll, netapi32.dll, wkscli.dll, windows.staterepositoryps.dll, edputil.dll, secur32.dll, mlang.dll, policymanager.dll, msvcp110_win.dll, onecorecommonproxystub.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, pcacli.dll, mpr.dll, sfc_os.dll
Source: C:\Windows\System32\svchost.exe
Section loaded: kernel.appcore.dll, qmgr.dll, bitsperf.dll, powrprof.dll, xmllite.dll, firewallapi.dll, esent.dll, umpdc.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, wldp.dll, ntmarta.dll, profapi.dll, flightsettings.dll, policymanager.dll, msvcp110_win.dll, netprofm.dll, npmproxy.dll, bitsigd.dll, upnp.dll, winhttp.dll, ssdpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, appxdeploymentclient.dll, cryptbase.dll, wsmauto.dll, miutils.dll, wsmsvc.dll, dsrole.dll, pcwum.dll, mi.dll, userenv.dll, gpapi.dll, wkscli.dll, sspicli.dll, ondemandconnroutehelper.dll, msv1_0.dll, ntlmshared.dll, cryptdll.dll, webio.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, rmclient.dll, usermgrcli.dll, execmodelclient.dll, propsys.dll, coremessaging.dll, twinapi.appcore.dll, onecorecommonproxystub.dll, execmodelproxy.dll, resourcepolicyclient.dll, vssapi.dll, vsstrace.dll, samcli.dll, samlib.dll, es.dll, bitsproxy.dll, dhcpcsvc6.dll, dhcpcsvc.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, dpapi.dll, mpr.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, profapi.dll, wbemcomn.dll, amsi.dll, wininet.dll, iertutil.dll, sspicli.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dpapi.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, riched20.dll, usp10.dll, msls31.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, netapi32.dll, linkinfo.dll, ntshrui.dll, cscapi.dll, windows.shell.servicehostbuilder.dll, onecoreuapcommonproxystub.dll, ieframe.dll, wkscli.dll, windows.staterepositoryps.dll, edputil.dll, secur32.dll, mlang.dll, policymanager.dll, msvcp110_win.dll, onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe
Section loaded: apphelp.dll, uxtheme.dll, userenv.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe
Section loaded: apphelp.dll, wtsapi32.dll, userenv.dll, winsta.dll, profapi.dll, sspicli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe
Section loaded: apphelp.dll, version.dll, msimg32.dll, uxtheme.dll, oleacc.dll, winmm.dll, kernel.appcore.dll, wbemcomn.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe
Section loaded: nw_elf.dll, usp10.dll, version.dll, winmm.dll, winhttp.dll, cryptbase.dll, userenv.dll, oleacc.dll, hid.dll, ffmpeg.dll, dbghelp.dll, credui.dll, netapi32.dll, msi.dll, dwrite.dll, secur32.dll, d3d9.dll, d3d11.dll, dxva2.dll, wtsapi32.dll, dxgi.dll, esent.dll, ncrypt.dll, wevtapi.dll, kernel.appcore.dll, dwmapi.dll, windows.storage.dll, wldp.dll, netutils.dll, samcli.dll, sspicli.dll, msasn1.dll, ntasn1.dll, ntmarta.dll, kbdus.dll, uxtheme.dll, nlaapi.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, wkscli.dll, gpapi.dll, mscms.dll, coloradapterclient.dll, devobj.dll, audioses.dll, mmdevapi.dll, powrprof.dll, umpdc.dll, wlanapi.dll, profapi.dll, mdmregistration.dll, msvcp110_win.dll, omadmapi.dll, cryptsp.dll, dmcmnutils.dll, iri.dll, winsta.dll, twinapi.appcore.dll, twinapi.dll, dataexchange.dll, dcomp.dll, propsys.dll, explorerframe.dll, atlthunk.dll, firewallapi.dll, fwbase.dll, xinput1_4.dll, inputhost.dll, coremessaging.dll, wintypes.dll, coreuicomponents.dll, textinputframework.dll, mswsock.dll, rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wscapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samlib.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptnet.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxva2.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: esent.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: napinsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wshbth.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winrnr.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxva2.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: esent.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msmpeg2vdec.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvproc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3dcompiler_47.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3dcompiler_47.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ddraw.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dciman32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: comppkgsup.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.media.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfh264enc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxva2.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: esent.dll
Source: Setup (1).exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal60.spyw.evad.winEXE@52/209@23/15
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00421790 FormatMessageA,GetLastError,21_2_00421790
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,8_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_002C1175 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,FindCloseChangeNotification,11_2_002C1175
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00932AF0 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,GetLastError,15_2_00932AF0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00932AF0 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError,18_2_00932AF0
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_0040429B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040429B
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_009813BD FindResourceW,LoadResource,LockResource,15_2_009813BD
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00191050 StartServiceCtrlDispatcherW,GetLastError,14_2_00191050
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Program Files (x86)\Fast!
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\SetupEngine[1].exe
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeMutant created: NULL
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\nsq6D8A.tmp
Source: Setup (1).exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\Desktop\Setup (1).exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Setup (1).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: nw.exe, 00000015.00000003.1896740451.000000000C34F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','favicon_bitmaps_icon_id','favicon_bitmaps',#1,'CREATE INDEX favicon_bitmaps_icon_id ON favicon_bitmaps(icon_id)');R
Source: SetupEngine.exe, 00000008.00000003.1877104878.0000000000839000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Select OSArchitecture from Win32_OperatingSystem);
Source: nw.exe, 00000015.00000003.1896740451.000000000C34F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','favicon_bitmaps_icon_id','favicon_bitmaps',#1,'CREATE INDEX favicon_bitmaps_icon_id ON favicon_bitmaps(icon_id)');
Source: diskspd.exeString found in binary or memory: <LoadImage>%I64u</LoadImage>
Source: diskspd.exeString found in binary or memory: Error creating/opening wait-for-start event: '%s'
Source: diskspd.exeString found in binary or memory: Error creating/opening force-stop event: '%s'
Source: nw.exeString found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\Setup (1).exeFile read: C:\Users\user\Desktop\Setup (1).exe
Source: unknownProcess created: C:\Users\user\Desktop\Setup (1).exe C:\Users\user\Desktop\Setup (1).exe
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,11089183741404647091,17360346966721708215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Users\user\AppData\Local\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\diskspd.exe C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Users\user\AppData\Local\Temp\SetupResources.exe C:\Users\user\AppData\Local\Temp\SetupResources.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=
Source: unknownProcess created: C:\Program Files (x86)\Fast!\FastSRV.exe C:\Program Files (x86)\Fast!\FastSRV.exe
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1980,i,18441206573575363989,16074251699852785128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exe
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --service-pipe-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6
,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --renderer-client-id=2 --mojo-platform-channel-handle=2340 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=143610A8428963D92794C8A7F12585F7 --mojo-platform-channel-handle=2932 /prefetch:2
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=3CCEF8E9E7D4F212DACB2716CD2DD08A --mojo-platform-channel-handle=2904 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=B8E23F7305B463E8EB7E1F3EC3CAABAD --mojo-platform-channel-handle=2900 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xmlJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Users\user\AppData\Local\Temp\SetupResources.exe C:\Users\user\AppData\Local\Temp\SetupResources.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\diskspd.exe C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1980,i,18441206573575363989,16074251699852785128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exeJump to behavior
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --service-pipe-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6
,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --renderer-client-id=2 --mojo-platform-channel-handle=2340 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=143610A8428963D92794C8A7F12585F7 --mojo-platform-channel-handle=2932 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=3CCEF8E9E7D4F212DACB2716CD2DD08A --mojo-platform-channel-handle=2904 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=B8E23F7305B463E8EB7E1F3EC3CAABAD --mojo-platform-channel-handle=2900 /prefetch:8
Source: C:\Users\user\Desktop\Setup (1).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: Google Drive.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Fast!.lnk.8.drLNK file: ..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: Uninstall.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\uninstaller.exe
Source: Fast!.lnk0.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Setup (1).exeStatic PE information: certificate valid
Source: Binary string: $E:\build\nw26_win32\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000015.00000002.3240442579.0000000066FE2000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: E:\build\nw26_win32\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000015.00000002.3215313071.0000000000746000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: E:\build\nw26_win32\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000015.00000002.3240442579.0000000066FE2000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 0000000E.00000000.1862343821.000000000019E000.00000002.00000001.01000000.00000014.sdmp, FastSRV.exe, 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 0000000F.00000000.1864826004.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000002.1879032244.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000000.1876323112.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdbGCTL source: diskspd.exe, 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdbs source: fast!.exe, 0000000F.00000000.1864826004.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000002.1879032244.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000012.00000000.1876323112.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
Source: d3dcompiler_47.dll.12.drStatic PE information: 0x9255B290 [Sat Oct 19 09:23:28 2047 UTC]
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00932BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,15_2_00932BB0
Source: libEGL.dll.12.drStatic PE information: real checksum: 0x0 should be: 0x25219
Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xdc5a
Source: INetC.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xa6c6
Source: libEGL.dll0.12.drStatic PE information: real checksum: 0x0 should be: 0x186cd
Source: node.dll.12.drStatic PE information: real checksum: 0x0 should be: 0x5895e2
Source: libGLESv2.dll0.12.drStatic PE information: real checksum: 0x0 should be: 0x30ef09
Source: libGLESv2.dll.12.drStatic PE information: real checksum: 0x0 should be: 0x1f9bbb
Source: System.dll.8.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: uninstaller.exe.8.drStatic PE information: real checksum: 0x31dffb should be: 0x7f61c
Source: ffmpeg.dll.12.drStatic PE information: real checksum: 0x0 should be: 0x11e112
Source: WmiInspector.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x21d6b
Source: nsExec.dll.8.drStatic PE information: real checksum: 0x0 should be: 0xde0c
Source: SimpleSC.dll.8.drStatic PE information: real checksum: 0x0 should be: 0x1119d4
Source: nsDialogs.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xa70c
Source: nw_elf.dll.12.drStatic PE information: real checksum: 0x0 should be: 0x71657
Source: inetc.dll.8.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: SimpleSC.dll.8.drStatic PE information: section name: .didata
Source: nw_elf.dll.12.drStatic PE information: section name: .crthunk
Source: nw_elf.dll.12.drStatic PE information: section name: CPADinfo
Source: ffmpeg.dll.12.drStatic PE information: section name: .rodata
Source: nw.dll.12.drStatic PE information: section name: _text32
Source: nw.dll.12.drStatic PE information: section name: .rodata
Source: nw.dll.12.drStatic PE information: section name: CPADinfo
Source: nw.exe.12.drStatic PE information: section name: _text32
Source: nw.exe.12.drStatic PE information: section name: .didat
Source: nw.exe.12.drStatic PE information: section name: CPADinfo
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_3_03351C30 push eax; iretd 8_3_03351C31
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_3_03352DF0 push ss; ret 8_3_03352DF2
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_002CD0E7 push ecx; ret 11_2_002CD0FA
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_002CD7A9 push ecx; ret 11_2_002CD7BC
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_0019DB61 push ecx; ret 14_2_0019DB74
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00A6C40A push ecx; ret 15_2_00A6C41D
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00A6C95F push ecx; ret 15_2_00A6C980
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00A6C40A push ecx; ret 18_2_00A6C41D
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00A6C95F push ecx; ret 18_2_00A6C980
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_006DD0DF push ecx; ret 21_2_006DD0F2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_004161C4 push esi; ret 21_2_004161C6
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_004161B0 push esi; ret 21_2_004161B2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_0066F866 push ecx; ret 21_2_0066F879
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00410C85 push ss; ret 21_2_00410C86
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F8A786 push ecx; ret 21_2_66F8A799
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF34B4 push ss; retf 21_2_66EF34B5
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF5423 push ebx; ret 21_2_66EF5425
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF5542 push ebx; ret 21_2_66EF5544
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF104F push cs; ret 21_2_66EF1054
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF4E9A push ebx; ret 21_2_66EF4E9C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF4F98 push ebx; ret 21_2_66EF4F9A
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66EF4D3A push ebx; ret 21_2_66EF4D3C
Source: ffmpeg.dll.12.drStatic PE information: section name: .text entropy: 6.847400991164348

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u11_2_002C1F60
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\SetupEngine[1].exeJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\diskspd.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\node.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\SimpleSC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\nw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\uninstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\SetupResources[1].exeJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\WmiInspector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\fast!.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\SetupEngine.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\FastSRV.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\SetupResources.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\nw.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeFile created: C:\Program Files (x86)\Fast!\nwjs\nw_elf.dllJump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u11_2_002C1F60
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Uninstall.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Fast!.lnkJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00191050 StartServiceCtrlDispatcherW,GetLastError,14_2_00191050
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00983213 __EH_prolog3_GS,GetParent,GetParent,UpdateWindow,SetCursor,GetAsyncKeyState,InvalidateRect,InflateRect,RedrawWindow,InvalidateRect,InflateRect,UpdateWindow,InflateRect,SetCapture,SetCursor,IsWindow,GetCursorPos,ScreenToClient,PtInRect,RedrawWindow,GetParent,GetParent,RedrawWindow,RedrawWindow,GetParent,GetParent,GetParent,InvalidateRect,UpdateWindow,UpdateWindow,NotifyWinEvent,NotifyWinEvent,SetCapture,RedrawWindow,SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,SendMessageW,UpdateWindow,SendMessageW,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow,15_2_00983213
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00983213 __EH_prolog3_GS,GetParent,GetParent,UpdateWindow,SetCursor,GetAsyncKeyState,InvalidateRect,InflateRect,RedrawWindow,InvalidateRect,InflateRect,UpdateWindow,InflateRect,SetCapture,SetCursor,IsWindow,GetCursorPos,ScreenToClient,PtInRect,RedrawWindow,GetParent,GetParent,RedrawWindow,RedrawWindow,GetParent,GetParent,GetParent,InvalidateRect,UpdateWindow,UpdateWindow,NotifyWinEvent,NotifyWinEvent,SetCapture,RedrawWindow,SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,SendMessageW,UpdateWindow,SendMessageW,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow,18_2_00983213
Source: C:\Users\user\Desktop\Setup (1).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00932BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,15_2_00932BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00932BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,EnumProcesses,OpenProcess,GetProcessImageFileNameW,CloseHandle,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,CloseHandle,Sleep,Sleep,18_2_00932BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeSandbox detection routine: GetCursorPos, DecisionNode, Sleep
Source: C:\Program Files (x86)\Fast!\fast!.exeStalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00422D10 rdtsc 21_2_00422D10
Source: C:\Program Files (x86)\Fast!\FastSRV.exeWindow / User API: threadDelayed 9680
Source: C:\Program Files (x86)\Fast!\fast!.exeWindow / User API: threadDelayed 3892
Source: C:\Program Files (x86)\Fast!\fast!.exeWindow / User API: threadDelayed 3226
Source: C:\Program Files (x86)\Fast!\fast!.exeWindow / User API: foregroundWindowGot 1531
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\System.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\SimpleSC.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\nw.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\uninstaller.exe
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\WmiInspector.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files (x86)\Fast!\fast!.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleep
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeAPI coverage: 7.2 %
Source: C:\Program Files (x86)\Fast!\fast!.exeAPI coverage: 7.5 %
Source: C:\Program Files (x86)\Fast!\fast!.exeAPI coverage: 3.6 %
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeAPI coverage: 6.8 %
Source: C:\Windows\System32\svchost.exe TID: 2228Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7744Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe TID: 8164Thread sleep count: 157 > 30
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 3060Thread sleep count: 317 > 30
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 3060Thread sleep time: -634000s >= -30000s
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 3060Thread sleep count: 9680 > 30
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 3060Thread sleep time: -19360000s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 7240Thread sleep count: 3892 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 7240Thread sleep time: -38920s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 6404Thread sleep count: 3226 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 6404Thread sleep time: -322600s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 6404Thread sleep count: 57 > 30
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\Desktop\Setup (1).exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Fast!\fast!.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Fast!\FastSRV.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Fast!\fast!.exeThread sleep count: Count: 3892 delay: -10
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054C6
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00405E9C FindFirstFileA,FindClose,0_2_00405E9C
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405C49
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00406873 FindFirstFileW,FindClose,8_2_00406873
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040290B FindFirstFileW,8_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 12_2_00402654 FindFirstFileA,12_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 12_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,12_2_004054C6
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 12_2_00405E9C FindFirstFileA,FindClose,12_2_00405E9C
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00196CAD FindFirstFileExW,14_2_00196CAD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_0093E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,15_2_0093E91D
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_0093E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,18_2_0093E91D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00457210 FindFirstFileExW,FindNextFileW,FindClose,GetFileAttributesW,PathMatchSpecW,21_2_00457210
Source: fast!.exe, 0000000F.00000003.1867916170.00000000013C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductWLN58G3BC72742-A345-A4E4-61BC-197C285C1019VMware, Inc.Noney*
Source: SetupEngine.exe, 00000008.00000003.1876918413.000000000086A000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.1878499559.000000000086A000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1567951736.000000000086A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
Source: SetupEngine.exe, 00000008.00000002.1877554349.000000000040A000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: "C:\Program Files (x86)\Fast!\Fast!.exe"tmp\inetc.dllllation\chrome.exebmMUgaVaXfswpNGffRgAwKVWlLBcHlwUtqTOyCDcEw\nAoCsOMNrpM.exeure=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dllllA4E4-61BC-197C285C1019&_fcid=C:\Users\user\AppData\Local\Temp\nshBC38.tmp"xe" C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dllll61BC-197C285C1019&_fcid=Setup was completed successfully.nstalled.
Source: fast!.exe, 0000000F.00000002.3216935101.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: fast!.exe, 0000000F.00000003.1867916170.00000000013C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: Setup (1).exe, 00000000.00000003.1888238860.00000000004CF000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889271087.00000000004CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: fast!.exe, 0000000F.00000003.1867916170.00000000013C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductWLN58G3BC72742-A345-A4E4-61BC-197C285C1019VMware, Inc.None3
Source: SetupEngine.exe, 00000008.00000003.1771658273.00000000030B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FastSRV(ryfast.io/register.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&ch=&version=2.305&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000002.1879462030.0000000003080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000At
Source: nw.exe, 00000015.00000002.3240442579.0000000066FE2000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: xvmcidct
Source: Setup (1).exe, 00000000.00000002.1889271087.00000000004FC000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.1377315147.00000000004FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.3031561038.0000012B22E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.3032973465.0000012B28457000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.1878499559.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1876918413.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1567951736.00000000008CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: SetupEngine.exeBinary or memory string: ogicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&
Source: SetupEngine.exe, 00000008.00000002.1877554349.0000000000431000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: Remove folder: ted successfully.!.exe"tmp\inetc.dll1BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=donechitecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000ze=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000sedate=20221121000000.000000+000
Source: nw.exe, 00000015.00000002.3240442579.0000000066FE2000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: yuv420pyuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgray8,y8monowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbrgbaabgrbgragray16bey16begray16ley16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444beya8gray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva422pyuva444pyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20bergba64bergba64lebgra64bebgra64leyvyu422vdaya16beya16legbrapgbrap16begbrap16leqsvmmald3d11va_vldcuda0rgbrgb00bgrbgr0yuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16beyuv440p10leyuv440p10beyuv440p12leyuv440p12beayuv64leayuv64bevideotoolbox_vldp010lep010begbrap12begbrap12legbrap10begbrap10lemediacodecgray12bey12begray12ley12legray10bey10begray10ley10lep016lep016bereservedgbrrgb32bgr32%s%svaapi../../third_party/ffmpeg/libavutil/random_seed.csizeof(tmp) >= av_sha_size@
Source: SetupEngine.exe, 00000008.00000002.1879462030.0000000003080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000002.1879462030.0000000003080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/register.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&ch=&version=2.305&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000002.1879462030.0000000003080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000002.1879462030.0000000003080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&ch=&version=2.305&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: nw.exe, 00000015.00000002.3217605351.00000000053DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: nw.exe, 00000015.00000002.3240442579.0000000066FAB000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: SetupEngine.exe, 00000008.00000002.1877554349.0000000000436000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: &dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: C:\Users\user\Desktop\Setup (1).exeAPI call chain: ExitProcess graph end nodegraph_0-3074
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeAPI call chain: ExitProcess graph end nodegraph_8-3488
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeAPI call chain: ExitProcess graph end nodegraph_12-3049
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\diskspd.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_11-5546
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00422D10 rdtsc 21_2_00422D10
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_001915FE IsDebuggerPresent,OutputDebugStringW,14_2_001915FE
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00939539 OutputDebugStringA,GetLastError,15_2_00939539
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00932BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,15_2_00932BB0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_0067F119 mov eax, dword ptr fs:[00000030h]21_2_0067F119
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F9A98E mov eax, dword ptr fs:[00000030h]21_2_66F9A98E
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00198275 GetProcessHeap,14_2_00198275
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_002CD5FA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_002CD5FA
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00191E96 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00191E96
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00194769 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00194769
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00191B90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00191B90
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 14_2_00191FFB SetUnhandledExceptionFilter,14_2_00191FFB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00A728FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00A728FB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 15_2_00A6BF90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00A6BF90
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00A728FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00A728FB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 18_2_00A6BF90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00A6BF90
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_006C11E5 SetUnhandledExceptionFilter,21_2_006C11E5
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_006572AC SetUnhandledExceptionFilter,SetConsoleCtrlHandler,new,__Init_thread_footer,21_2_006572AC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_00657387 SetUnhandledExceptionFilter,21_2_00657387
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_006758DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_006758DC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_0066ED15 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_0066ED15
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F9B7DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_66F9B7DC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F8A5C0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_66F8A5C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 21_2_66F89281 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_66F89281
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep, svchost.exe15_2_00932BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep, explorer.exe15_2_00932BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,EnumProcesses,OpenProcess,GetProcessImageFileNameW,CloseHandle,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,CloseHandle,Sleep,Sleep, svchost.exe18_2_00932BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,EnumProcesses,OpenProcess,GetProcessImageFileNameW,CloseHandle,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,CloseHandle,Sleep,Sleep, explorer.exe18_2_00932BB0
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Users\user\AppData\Local\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\diskspd.exe C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --service-pipe-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --renderer-client-id=2 --mojo-platform-channel-handle=2340 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=143610A8428963D92794C8A7F12585F7 --mojo-platform-channel-handle=2932 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=3CCEF8E9E7D4F212DACB2716CD2DD08A --mojo-platform-channel-handle=2904 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=B8E23F7305B463E8EB7E1F3EC3CAABAD --mojo-platform-channel-handle=2900 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\fast!\user data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\fast!\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\fast!\user data" --annotation=plat=win32 --annotation=prod=fast! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --service-pipe-token=493e2991bbdac7f9ef4ed5a8fe164f46 --lang=en-gb --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowfetchfordocwrittenscriptsinmainframe=false,disallowfetchfordocwrittenscriptsinmainframeonslowconnections=true,cssexternalscannernopreload=false,cssexternalscannerpreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6
,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=493e2991bbdac7f9ef4ed5a8fe164f46 --renderer-client-id=2 --mojo-platform-channel-handle=2340 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="google inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --service-request-channel-token=143610a8428963d92794c8a7f12585f7 --mojo-platform-channel-handle=2932 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-gb --no-sandbox --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --service-request-channel-token=3ccef8e9e7d4f212dacb2716cd2dd08a --mojo-platform-channel-handle=2904 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-gb --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --service-request-channel-token=b8e23f7305b463e8eb7e1f3ec3caabad --mojo-platform-channel-handle=2900 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\fast!\user data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\fast!\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\fast!\user data" --annotation=plat=win32 --annotation=prod=fast! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 14_2_00191CB2 cpuid 14_2_00191CB2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,21_2_0068F079
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: EnumSystemLocalesW,21_2_0068A0ED
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetLocaleInfoW,21_2_0068F180
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,21_2_0068F24D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetLocaleInfoW,21_2_0068A700
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,21_2_0068E902
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetLocaleInfoW,21_2_0068EAE0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: EnumSystemLocalesW,21_2_0068EBD4
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: EnumSystemLocalesW,21_2_0068EB89
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: EnumSystemLocalesW,21_2_0068EC6F
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,21_2_0068ED00
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: GetLocaleInfoW,21_2_0068EF50
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb\MANIFEST-000001 VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Program Files (x86)\Fast!\ui\js\ui.bin VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Program Files (x86)\Fast!\nwjs\nw.exe VolumeInformation
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 15_2_00934F80 OpenEventW,PulseEvent,CreateEventW,GetNativeSystemInfo,GetCurrentProcess,IsWow64Process,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,wsprintfW,wsprintfW,wsprintfW,RegCreateKeyW,RegQueryValueW,CloseHandle,CloseHandle,CloseHandle,CreateNamedPipeW,Sleep,Sleep,GetModuleFileNameW,ShellExecuteW,Sleep,15_2_00934F80
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_002CD498 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,11_2_002CD498
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 15_2_00A8324F GetTimeZoneInformation,15_2_00A8324F
Source: C:\Users\user\Desktop\Setup (1).exe Code function: 0_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040310D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information

Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\History
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 141 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | 1 Replication Through Removable Media | 3 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 3 Obfuscated Files or Information | 21 Input Capture | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 112 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 3 Windows Service | 11 Access Token Manipulation | 1 Timestomp | NTDS | 176 System Information Discovery | Distributed Component Object Model | 1 Clipboard Data | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 3 Windows Service | 1 DLL Side-Loading | LSA Secrets | 481 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | 22 Process Injection | 1 DLL Search Order Hijacking | Cached Domain Credentials | 35 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 12 Masquerading | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 35 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 22 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
[Behavior graph. ID: 1386890; Sample: Setup (1).exe; Startdate: 05/02/2024; Architecture: WINDOWS; Score: 60]

Source | Detection | Scanner | Label | Link
Setup (1).exe | 17% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Fast!\FastSRV.exe | 4% | ReversingLabs | |
C:\Program Files (x86)\Fast!\fast!.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | 3% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\libEGL.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\node.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw.dll | 3% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw.exe | 4% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\uninstaller.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\SetupResources[1].exe | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\SetupEngine[1].exe | 38% | ReversingLabs | Win32.PUA.Generic |
C:\Users\user\AppData\Local\Temp\SetupEngine.exe | 38% | ReversingLabs | Win32.PUA.Generic |
C:\Users\user\AppData\Local\Temp\SetupResources.exe | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\diskspd.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nshBC38.tmp\SimpleSC.dll | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nshBC38.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nshBC38.tmp\nsExec.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\WmiInspector.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\nsDialogs.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://polymer.github.io/AUTHORS.txt | 0% | Avira URL Cloud | safe |
http://crbug.com/378067 | 0% | Avira URL Cloud | safe |
http://crbug.com/642141 | 0% | Avira URL Cloud | safe |
http://crbug.com/510270 | 0% | Avira URL Cloud | safe |
https://crbug.com/593166 | 0% | Avira URL Cloud | safe |
http://crbug.com/415315 | 0% | Avira URL Cloud | safe |
http://crbug.com/497301 | 0% | Avira URL Cloud | safe |
http://www.foo.com/bar | 0% | Avira URL Cloud | safe |
http://webk.it/62664 | 0% | Avira URL Cloud | safe |
https://crbug.com/701034 | 0% | Avira URL Cloud | safe |
https://ct.startssl.com/ | 0% | Avira URL Cloud | safe |
https://ct.startssl.com/H | 0% | Avira URL Cloud | safe |
http://crl.ver) | 0% | Avira URL Cloud | safe |
http://polymer.github.io/PATENTS.txt | 0% | Avira URL Cloud | safe |
http://crbug.com/415315. | 0% | Avira URL Cloud | safe |
http://crbug.com/472699 | 0% | Avira URL Cloud | safe |
http://crbug.com/235689. | 0% | Avira URL Cloud | safe |
https://crbug.com/5448190). | 0% | Avira URL Cloud | safe |
http://crbug.com/116800. | 0% | Avira URL Cloud | safe |
http://crbug.com/320723 | 0% | Avira URL Cloud | safe |
https://ct2.digicert-ct.com/log/ | 0% | Avira URL Cloud | safe |
http://crbug.com/374970 | 0% | Avira URL Cloud | safe |
http://crbug.com/258526. | 0% | Avira URL Cloud | safe |
http://crbug.com/140364). | 0% | Avira URL Cloud | safe |
https://crbug.com/444752. | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
1715720427.rsc.cdn77.org | 37.19.206.5 | true | false | | unknown
scontent.xx.fbcdn.net | 31.13.65.7 | true | false | | high
accounts.google.com | 74.125.138.84 | true | false | | high
veryfast.io | 161.35.127.181 | true | false | | high
www.google.com | 74.125.136.147 | true | false | | high
clients.l.google.com | 172.217.215.102 | true | false | | high
1791066845.rsc.cdn77.org | 89.187.173.22 | true | false | | unknown
d1uyoz7mfvzv4e.cloudfront.net | 18.67.65.20 | true | false | | high
clients1.google.com | unknown | unknown | false | | high
repository.pcapp.store | unknown | unknown | false | | unknown
clients2.google.com | unknown | unknown | false | | high
connect.facebook.net | unknown | unknown | false | | high
repcdn.veryfast.io | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://veryfast.io/pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=start&channelId= | false | | high
https://veryfast.io/favicon.ico | false | | high
https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019 | false | | high
https://veryfast.io/api/api.php | false | | high
https://veryfast.io/src/initiate.js | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://ct.startssl.com/ | nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://crbug.com/593166 | nw.exe, 00000015.00000002.3228808455.00000000089A0000.00000002.00000001.00040000.00000028.sdmp, nw.exe, 00000015.00000002.3229013268.0000000008A60000.00000002.00000001.00040000.00000029.sdmp | false | Avira URL Cloud: safe | unknown
https://elements.polymer-project.org/guides/flex-layout) | nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmp | false | | high
https://www.google.com/#q= | nw.exe, 00000015.00000003.1905359356.000000000C40C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://accounts.google.com/TokenAuth | nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://chrome.google.com/webstore?hl=en-GB( | nw.exe, 00000015.00000002.3235993069.000000000C2D0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crbug.com/510270 | nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp | false | Avira URL Cloud: safe | unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | nw.exe, 00000015.00000002.3215313071.00000000006F3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000015.00000000.1884208099.00000000006F3000.00000002.00000001.01000000.00000016.sdmp | false | | high
https://veryfast.io/ows_ | Setup (1).exe, 00000000.00000003.1888086336.000000000479A000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.1887559933.00000000047AA000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1890943905.000000000479A000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://polymer.github.io/AUTHORS.txt | nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmp | false | Avira URL Cloud: safe | unknown
http://webk.it/62664 | nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmp | false | Avira URL Cloud: safe | unknown
                                                  https://repcdn.veryfast.io/Setup (1).exe, 00000000.00000003.1888238860.000000000050F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889271087.000000000050F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1890836719.000000000476C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://schema.org/Articlenw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                      high
                                                      https://sabre.ct.comodo.com/nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://support.google.com/chrome/?p=plugin_realnw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C3C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://support.google.com/chrome/answer/6258784-3d47f4f4nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://crbug.com/378067nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.foo.com/barnw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://www.google.com/speech-api/v2/synthesize?nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                              high
                                                              https://veryfast.io/cpg.php?guid=Setup (1).exe, 00000000.00000002.1889174555.000000000046E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://crbug.com/415315nw.exe, 00000015.00000002.3228808455.00000000089A0000.00000002.00000001.00040000.00000028.sdmp, nw.exe, 00000015.00000002.3229013268.0000000008A60000.00000002.00000001.00040000.00000029.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://accounts.google.com/AuthSubRevokeTokennw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://accounts.google.com/OAuthWrapBridgenw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.html5rocks.com/en/tutorials/canvas/hidpi/nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                      high
                                                                      http://crbug.com/497301nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://crbug.com/701034nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://d1uyoz7mfvzv4e.cloudfront.net/Setup (1).exe, 00000000.00000002.1890836719.0000000004760000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019e1Setup (1).exe, 00000000.00000003.1887700041.0000000000557000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.1889521213.0000000000558000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://crbug.com/642141nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://chromium.googlesource.com/chromium/src/nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                            high
                                                                            https://accounts.google.com/IssueAuthTokennw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://accounts.google.com/OAuthLoginnw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://crashpad.chromium.org/nw.exe, nw.exe, 00000015.00000002.3215313071.00000000006F3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000015.00000000.1884208099.00000000006F3000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                  high
                                                                                  http://crbug.com/472699nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://chrome.google.com/webstorenw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.google.com/chrome/intl/en-GB/welcome.html.phpLnw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.google.com/tools/feedback/chrome/__submit-nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.google.com/chrome/intl/en-GB/welcome.html937nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://crbug.com/320723nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://polymer.github.io/PATENTS.txtnw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.google.com/chrome/intl/en-GB/welcome.htmlWelcomenw.exe, 00000015.00000002.3235993069.000000000C331000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3227873986.0000000008320000.00000002.00000001.00040000.00000025.sdmpfalse
                                                                                            high
                                                                                            https://ct2.digicert-ct.com/log/nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://crl.ver)svchost.exe, 00000004.00000002.3032382928.0000012B28400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            low
                                                                                            http://schema.org/ImageObjectnw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                              high
                                                                                              https://clients4.google.com/chrome-sync/dev/eventnw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://forms.real.com/real/realone/download.html?type=rpsp_usFnw.exe, 00000015.00000002.3221875769.00000000071D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://clients2.googleusercontent.com/crx/blobs/nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.google.com/favicon.iconw.exe, 00000015.00000002.3235993069.000000000C2D0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.google.com/chrome/intl/en-GB/welcome.html8nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://veryfast.io/3SetupEngine.exe, 00000008.00000002.1879506809.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1877247998.00000000030C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://nsis.sf.net/NSIS_ErrorSetupResources.exe, SetupResources.exe, 0000000C.00000000.1798244001.0000000000409000.00000008.00000001.01000000.00000012.sdmp, SetupResources.exe, 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmpfalse
                                                                                                            high
                                                                                                            http://crbug.com/116800.nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://g.live.com/odclientsettings/Prod-C:svchost.exe, 00000004.00000003.1419613515.0000012B282E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/PolymerElements/iron-flex-layout/tree/master/classes)nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                high
                                                                                                                https://support.google.com/chrome/?p=plugin_shockwavenw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000015.00000002.3236194245.000000000C457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://m.google.com/devicemanagement/data/apinw.exe, 00000015.00000002.3221875769.000000000718C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://accounts.google.com/TokenAuthNLnw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://ctlog.wosign.com/nw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://veryfast.io/register.php?guid=SetupEngine.exe, 00000008.00000002.1878202859.00000000007E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://accounts.google.com/embedded/setup/chrome/usermenud9ca-nw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://support.google.com/chrome/?p=plugin_realPnw.exe, 00000015.00000002.3221875769.00000000071D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://ct.startssl.com/Hnw.exe, 00000015.00000002.3221875769.0000000007110000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://crbug.com/5448190).nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://www.google.com/knw.exe, 00000015.00000003.1906258245.000000000C34D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235993069.000000000C331000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.google.com/jnw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crbug.com/415315.nw.exe, 00000015.00000002.3228808455.00000000089A0000.00000002.00000001.00040000.00000028.sdmp, nw.exe, 00000015.00000002.3229013268.0000000008A60000.00000002.00000001.00040000.00000029.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://schema.org/NewsArticlenw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://accounts.google.com/embedded/setup/chromeosnw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://accounts.google.com/YLnw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://support.google.com/chrome/?p=plugin_wmpnw.exe, 00000015.00000002.3236194245.000000000C50C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crbug.com/235689.nw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://veryfast.io/download.php?engine=1&guid=Setup (1).exe, 00000000.00000002.1889174555.000000000046E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schema.org/Corporationnw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://veryfast.io/Setup (1).exe, 00000000.00000002.1889271087.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.1888238860.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.1377315147.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.1879506809.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1567951736.000000000087E000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1877247998.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.1878499559.000000000087E000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1876918413.000000000087E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://crashpad.chromium.org/bug/newnw.exe, nw.exe, 00000015.00000002.3215313071.00000000006F3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000015.00000000.1884208099.00000000006F3000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.unicode.org/copyright.htmlnw.exe, 00000015.00000002.3226253052.0000000007980000.00000002.00000001.00040000.00000026.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://chrome.google.com/webstore?hl=en-GBnw.exe, 00000015.00000002.3235214636.000000000BA54000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235993069.000000000C331000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000015.00000002.3235214636.000000000B930000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://crbug.com/374970nw.exe, 00000015.00000002.3230290994.0000000008D84000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://schema.org/GovernmentOrganizationnw.exe, 00000015.00000002.3230290994.0000000008B60000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.215.102 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
74.125.138.139 | unknown | United States | 15169 | GOOGLEUS | false
18.67.65.20 | d1uyoz7mfvzv4e.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false
31.13.65.7 | scontent.xx.fbcdn.net | Ireland | 32934 | FACEBOOKUS | false
64.233.177.105 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
37.19.206.5 | 1715720427.rsc.cdn77.org | Ukraine | 31343 | INTERTELECOMUA | false
161.35.127.181 | veryfast.io | United States | 14061 | DIGITALOCEAN-ASNUS | false
74.125.136.147 | www.google.com | United States | 15169 | GOOGLEUS | false
74.125.138.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false
89.187.173.22 | 1791066845.rsc.cdn77.org | Czech Republic | 60068 | CDN77GB | false
89.187.173.11 | unknown | Czech Republic | 60068 | CDN77GB | false
                                                                                                                                                                                  IP
                                                                                                                                                                                  192.168.2.9
                                                                                                                                                                                  192.168.2.6
                                                                                                                                                                                  127.0.0.1
                                                                                                                                                                                  Joe Sandbox version:39.0.0 Ruby
                                                                                                                                                                                  Analysis ID:1386890
                                                                                                                                                                                  Start date and time:2024-02-05 16:09:43 +01:00
                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                  Overall analysis duration:0h 13m 58s
                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                  Report type:full
                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                  Run name:Run with higher sleep bypass
                                                                                                                                                                                  Number of analysed new started processes analysed:29
                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                  Technologies:
                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                  Sample name:Setup (1).exe
                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                  Classification:mal60.spyw.evad.winEXE@52/209@23/15
                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 108.177.122.94, 34.104.35.123, 74.125.136.95, 142.250.9.94, 184.31.50.93, 192.229.211.108, 64.233.176.94, 74.125.136.94, 172.253.124.94
                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
                                                                                                                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                  • VT rate limit hit for: Setup (1).exe
Time | Type | Description
16:12:03 | API Interceptor | 1966371x Sleep call for process: fast!.exe modified
16:12:11 | API Interceptor | 2068837x Sleep call for process: FastSRV.exe modified
                                                                                                                                                                                                                                • 18.160.60.35
                                                                                                                                                                                                                                r1cE8H161I.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                                                • 18.160.60.125
                                                                                                                                                                                                                                no.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 18.160.60.35
                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                1138de370e523e824bbca92d049a3777http://kablemail.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                Signature requested on _Mutual NDA - Candace Graham _ Bank OZK - 4 Feb 2024_.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                SWift Paymant Reciept.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                https://support.cch.com/productsupport/outsideLink.aspx?u=http%3A%2F%2Fucl.college/rP1-alu-y5-4Gol-Q8Kvw4RAngam3TQ3E-d58Kvo-y5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                https://locksmithbellevuehill.net.au/xc/roundcube/?email=customerservice.bnl@hyh.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                http://sl.crematoxx.websiteGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                https://share.formbold.com/3djRrGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                https://bit.ly/3unyZPhGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                PO-_55846987.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                • 23.206.229.209
                                                                                                                                                                                                                                28a2c9bd18a11de089ef85a160da29e4dcsmio-OneDigital Health and Benefits-W2.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                http://kablemail.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                MDE_File_Sample_04afb10ed5a38a58bac2ab1a84910a4718ddb06a.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                https://iajjfhkbqnkrnryejn.ypiqzxx7wocs.su/uLcQ9cpy1L/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00af-2402/Bct/g-00f2/l-00ec:4d887e/ct1_1/1/lu?sid=TV2%3AisjneipctGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                http://itwgb.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                Batoncollective New Employee 2024 Benefits Open Enrollment.shtmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                Signature requested on _Mutual NDA - Candace Graham _ Bank OZK - 4 Feb 2024_.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                https://drive.google.com/file/d/1jXXlkl_12f-YIzALjjSTFVKv-EjsWz0-/view?usp=drive_webGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 20.114.59.183
                                                                                                                                                                                                                                37f463bf4616ecd445d4a1937da06e19598255347415042.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                RLDTLLRLDTLLRLDTLLRLDTLL.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                PANELLI_s.r.l._.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                P00000271_1705329916.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                MDE_File_Sample_04afb10ed5a38a58bac2ab1a84910a4718ddb06a.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                rP22783319.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                GC_Invoice_02052024_docs.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
                                                                                                                                                                                                                                Purchase_Order_PA056223.pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                • 161.35.127.181
                                                                                                                                                                                                                                • 89.187.173.22
                                                                                                                                                                                                                                • 18.67.65.20
Match: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
Associated Sample Name / URL, Detection, Threat Name:
• Thunderstore Mod Manager - Installer.exe, malicious, Unknown
• https://github.com/microsoft/Analysis-Services/releases/latest/download/AlmToolkitSetup.msi, malicious, Unknown
• SetupFA.exe, malicious, Unknown
• SetupFA.exe, malicious, Unknown
• Fast! Installer.exe, malicious, Unknown
• {C57CA5B7-A655-48F9-AF02-CA9C6BB0E91B}.exe, malicious, Unknown

Process: C:\Users\user\AppData\Local\Temp\SetupEngine.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 98648
Entropy (8bit): 6.50695731426125
Encrypted: false
SSDEEP: 3072:UfzhRR+glf+8kxh174xM/bU33zNxFTSLkujKXSaB:ULQOf+bexebjKXF
MD5: B8AF4E4DFAB89560361DDB94353E7E06
SHA1: 8B8D97A787CC1F197F6D8C508324883E7FC9688C
SHA-256: 17B29000D3BBC7AC90D92E2EB48FF3116B0B1C62F199022EFEA94E35B130CA71
SHA-512: F0B505EEDE60D4AB36CDA8C6F35EA530FAE5BD31945A93230DA17A69AE1E5F6426DB86FF8F9E17353E8CA34099513DFA1EDF94ABCA34E4472513C751C7EAC3DC
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%

Process: C:\Users\user\AppData\Local\Temp\SetupEngine.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1983320
Entropy (8bit): 6.560038398363821
Encrypted: false
SSDEEP: 49152:2q8ZcfzRcVhL7Wjj9ZeVWXviwpjYO0FFppJaXzD:2qtzOVh3WH9ZKWXviGjYZFFppJaXzD
MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB
SHA1: AED38ACD1ACB45340EDC997065B47590C174A629
SHA-256: 44A21F47F4AE20D21DD0AB13AF299E79BC985DFD94AF96AC96D8C6D150F1412B
SHA-512: 1844AA591B70583A211F43428686028E94C6D1BB7099A34B370FF0E4F5F063883419208568A6B2E930AB7FAEF29B0B90EFD5E5D0D68758E4EFC287F1F9754C89
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1922937
                                                                                                                                                                                                                                            Entropy (8bit):5.0265097704672135
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:+mEufVjmNmimymFm3mt+3UCHzA+Sx2cXrDCRm0FtZZmS6h3BbZrS7Ui61GQqbdWD:D8mnLiLDJjwfuVBHrQrEK30cfkUJMQ4y
                                                                                                                                                                                                                                            MD5:F9D0858C1D14035F1E31A05A01D96631
                                                                                                                                                                                                                                            SHA1:8025032D219A17CFB137931F8E46CF48BDE2BBCE
                                                                                                                                                                                                                                            SHA-256:C2996A2628CD1F104281A210963D99EEE56A919958B518E4E2F07323B23C252C
                                                                                                                                                                                                                                            SHA-512:03E2549E2FE6A21EBB87199B5C5315241CA9918DE080CEE9DB4893AFB727ABD1B6E282013C2B4772E0A9A65FDB48ED5BE3FD0A3A0B530CF0EBB923E5A3C623E6
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<style>..body {.. background-color: white;.. font-size: 84%;.. max-width: 1020px;..}...page-title {.. font-size: 164%;.. font-weight: bold;..}...product {.. background-color: #c3d9ff;.. border-radius: 5px;.. margin-top: 16px;.. overflow: auto;.. padding: 2px;..}...product .title {.. float: left;.. font-size: 110%;.. font-weight: bold;.. margin: 3px;..}...product .homepage {.. color: blue;.. float: right;.. margin: 3px;.. text-align: right;..}...product .homepage::before {.. content: " - ";..}...product .show {.. color: blue;.. float: right;.. margin: 3px;.. text-align: right;.. text-decoration: underline;..}...licence {.. background-color: #e8eef7;.. border-radius: 3px;.. clear: both;.. padding: 16px;..}...li
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3661112
                                                                                                                                                                                                                                            Entropy (8bit):6.573095716724625
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:1VBD1/zMxpjAeHhtiv2dGDwhMeX1/iK6AoVCdUTFE:17ZMxpjAeHhtivBDwh1c51
                                                                                                                                                                                                                                            MD5:D808ACB53436CA8BF04F88D3B40200CB
                                                                                                                                                                                                                                            SHA1:493344C681A2269BB8C202F020AE0583814D2816
                                                                                                                                                                                                                                            SHA-256:381EC497D7D40B83616B0E82E15C597D04433ACC20E94EBE5611F954B2E5309B
                                                                                                                                                                                                                                            SHA-512:86DC1CE2AE6C7A36B2F7D4A18278CEC99A9A8743DF657B2546EF46F0E8007C94D55354FE765A9C17A2FD5B15F21693691D177407B141BE23BCDE24635093EFB5
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                            • Filename: Thunderstore Mod Manager - Installer.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: , Detection: malicious
                                                                                                                                                                                                                                            • Filename: SetupFA.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: SetupFA.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: Fast! Installer.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: {C57CA5B7-A655-48F9-AF02-CA9C6BB0E91B}.exe, Detection: malicious
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1157120
                                                                                                                                                                                                                                            Entropy (8bit):6.720388521100998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24576:/UNzPn6vLg6LbipXvpBvbcE1Ztkwb0gvhjPGmLKPRFQU8gn3s:/U5/6vLg6LOKE1ZtbvhzG/JFQU83
                                                                                                                                                                                                                                            MD5:1A5F9ED8803FBB93655A123C208DB365
                                                                                                                                                                                                                                            SHA1:A4BB2F6AEFD020570A954E95ABCB45C94DF34D63
                                                                                                                                                                                                                                            SHA-256:EED485D2D5D5D731AA34F7C2A25691BB4EFFD0CBAF4E77A95D8FE704DFD01538
                                                                                                                                                                                                                                            SHA-512:E217104FA1F545C929FC85845DE6D403011C11C0233E73CC0A75DA5788C800501E9FEEF7793C8A5A45D34D253357FB7E2779BEAD6B9A4FEC42EE85D10504C07D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):10196592
                                                                                                                                                                                                                                            Entropy (8bit):6.187370398127412
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:196608:AkUPty2AZfpN9wliXUxjdyRWhlEzkuaxQ2:u12Zh8liXUxjdyRWhlEzkJxt
                                                                                                                                                                                                                                            MD5:BE464D15F6FB048F06C686CF84A5E8A5
                                                                                                                                                                                                                                            SHA1:FDF57B70D4F3BF029B164E8AD2E2914912D80404
                                                                                                                                                                                                                                            SHA-256:2399E3149C121DDA8C30C622574F1EF9D0B26E4BB665E80E4643E6CF6597602F
                                                                                                                                                                                                                                            SHA-512:74130FFB3A43A76B286F55885D4FC0DED83DBC8389C734A0BC79D1981A6F64DC1928CCB8774A0901B76BE5C492E84FCA7BC4EFE27F430E5D3941C8BC3FB1B52C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):79872
                                                                                                                                                                                                                                            Entropy (8bit):6.272851032614018
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:PbX1lRbkAcXNeW9Wq3uYrDf8QuBOpTnsWGrcdmrFsvkrbUyD6:DlZ6+42kJzm2crAym
                                                                                                                                                                                                                                            MD5:3D91701E1DB09BAF08072A8BA4966B4A
                                                                                                                                                                                                                                            SHA1:E8DF6EDBEB2D3114F84E41FAD0172183959C3055
                                                                                                                                                                                                                                            SHA-256:33F1CDAFA504D9B6AD973B499991AD7D39D71C1E7A875DAFC963CF8853113DE3
                                                                                                                                                                                                                                            SHA-512:44DA984D540EB566713C0C6000899C8A20FA27D84C68D45BBCCEB170C737A4DA73470B91E300DA3682E17EB370D46F3F11CACF7ECE996A21895BEF0B091DC480
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3175936
                                                                                                                                                                                                                                            Entropy (8bit):6.741601405971993
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:PKlgHyXxQppGCYBidljbsROv/ZLDTMxrhxLd5nn6pHgoTdt8V98fWiorrTp6b0hQ:PagHyXxgpGCYBsbom/ZLgnqn4VWfA
                                                                                                                                                                                                                                            MD5:7E5AC4F889AB8A2078E3C6232FE8A22E
                                                                                                                                                                                                                                            SHA1:F43974B6D7FBC49995D0633F70AE52DDC74B65A6
                                                                                                                                                                                                                                            SHA-256:A7402A23ADDCA3EB67154519542797199E282A731275965EBB2EDCDDD430BA63
                                                                                                                                                                                                                                            SHA-512:85D608FEDEAF67FC063F4FAE4C0C43D65DEACD694491F8970B148CF22FC6390AE269E9F031E144B3AB164547C93CDEC2B1F5EDC057415FCCA6B57024ECFDB14A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):308990
                                                                                                                                                                                                                                            Entropy (8bit):4.989569682149892
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:AhTwNNE2wRY6NK6fWdpHcCE9G2KDqRhSoT+CdulqdAuA8D/WPnj5mqGr9R3rvSWL:Ah+EVwueuqSq6T+Gz7+uf
                                                                                                                                                                                                                                            MD5:3487D77760CF08ED1DD22844263A6A05
                                                                                                                                                                                                                                            SHA1:1A295AAC1C2D4110CFEF136720EF9EA453758812
                                                                                                                                                                                                                                            SHA-256:C14D8ACC6B1662071FFBE20BC7032EA5AC7CDE0014923E30918419A385A98C6E
                                                                                                                                                                                                                                            SHA-512:672BF545BBA5C9CDF3381E8FE4F697FD0E44E6A7E31FA72F38FEDDDDCED9FB5D4313BCD165CC8E5B9DB78A14F690861CEEC8B0AF5895544C1888780361EA04EC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):301213
                                                                                                                                                                                                                                            Entropy (8bit):5.042686869043563
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:KiTNc1JmImtj+px4UuilzOmOraGZ/Gz1NlkL7NDn:nc3mtKparilzOmOuGZ/Gz1Nl67NDn
                                                                                                                                                                                                                                            MD5:3D448AB497AA1799D45EAE7109384D91
                                                                                                                                                                                                                                            SHA1:7F45D4F715B834CE4BB2F88FE0748E4CBBF6EA24
                                                                                                                                                                                                                                            SHA-256:9D2BDB4983F7472B82A8972FFB27AB6D91ED06395A0677EFA41DBE90CE9EAF1F
                                                                                                                                                                                                                                            SHA-512:D7D2E2AEE35B86D212D1434E0C50574C09D14341E9340A9E451BA14F9B1FE06449F499E84001C9B11530498BF3A3E5C4BFF3148EE131FFB74FE0F26614CD6080
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):352497
                                                                                                                                                                                                                                            Entropy (8bit):4.755138455706617
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:q1rE8AR5OiIglYhUEJGbApQ3KtAdmjBdvL9E9hyh5HpSSJoDGz6tXR1MvcZZ9l5y:qJc5OiIglYhU2p6KtAgjvvL9E9hyh5Ht
                                                                                                                                                                                                                                            MD5:6A0E10DB2A0E3F03C7FA7D645E08E590
                                                                                                                                                                                                                                            SHA1:CB70A74193924979379B48756BBBC06644FA06BF
                                                                                                                                                                                                                                            SHA-256:FE78BF7586038401BBD4263A7DDC308C51CBF56755AE53C58239827A12DB3C72
                                                                                                                                                                                                                                            SHA-512:BAEF89EFC49122DAF10C72FFBF7A49C4A96E6395BB8D14A24411C5944950F18D7CEDC510995E7276FAFAB7A460F2F14F4932F83B50EC3B2B53B7C6A73639AE19
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):462072
                                                                                                                                                                                                                                            Entropy (8bit):4.3464305039308515
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:8gTKfUNuoRNI84PZcru+GLNJ8a/DNnSouL/AEUVOmZCjQAJ7ExApk/hiS4XqKs+x:xKCI84RhDLNJ8a/DtRIGz/TrH2v
                                                                                                                                                                                                                                            MD5:1D1702C905BD17A8B159CC96D71F80A0
                                                                                                                                                                                                                                            SHA1:A97058A2AC40C25C042765C2349CB92178F32A6D
                                                                                                                                                                                                                                            SHA-256:12DB687A023BDDCB0BD4C52C13B33FE2386A4B7C59BFF5DD47463D91438627DE
                                                                                                                                                                                                                                            SHA-512:C5A79411D5D1396A2BCB40426998BEF063B01F49AECF408E605E38BC32097F17C2B3E7B0E6FB5E1E2C89104DCD4700390E3313F996ECD7D9C0A347F58492EE9D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):219172
                                                                                                                                                                                                                                            Entropy (8bit):5.446597696608438
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:PbVolhDbKnDnTi1oiSd37OLwsSngsB4HLPg5GRBWeOP4s2uxRnGbDRyl5ML8XXLE:PbyVbKnDnTi1oiSdL/sSngsB4HLPg5Gl
                                                                                                                                                                                                                                            MD5:FB6E7970211D5625E835D555D4BBA48B
                                                                                                                                                                                                                                            SHA1:A257D099D65F49ED7FBC28AED4126E413837E712
                                                                                                                                                                                                                                            SHA-256:A05F12CBEE17DCA00B5FF5AE2F765934DE0BF4BD3DE2399E148E2A4B4C27CF15
                                                                                                                                                                                                                                            SHA-512:6850CE28F69461FC9CB91F26D39C02A8C16D7873EC1C7F72C7A3FEB7D508BE85B8F2CC8384F88681D5C420F0A3705A21F53B53D44DD2088E57E7E3ED29336F35
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):222928
                                                                                                                                                                                                                                            Entropy (8bit):5.8492319738474245
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:EysrTWAyYEh+dhmboD8Ht/c7GzQN1iQ3SGa8QXNsBsy:EjTWadND8N/AGzM3SGa8QXysy
                                                                                                                                                                                                                                            MD5:0DE45D7E1B412E22BE95C3B287FFD829
                                                                                                                                                                                                                                            SHA1:D5A325663828D2D83E213F5FD21A19CB87552012
                                                                                                                                                                                                                                            SHA-256:1AAC639E8082714EBAB136897BEF570FC71A9E5C16CD6B863DF7DD90225CE359
                                                                                                                                                                                                                                            SHA-512:8E5FC0AC02D788383360261CB69DAD899D4A0D90FED656768962B912D0E2E61FD177BB6401D355D4F71B668733ACA7F61F0528E420E8BB2CF405D50DDB0D285F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):200377
                                                                                                                                                                                                                                            Entropy (8bit):5.499414523111267
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:bVNljn0aCxSv5c65RWOy+wKcZHH9f9C14bjT5o5w70btoGzZomQvTiJg8go+be:bVN+y5c0sOJwK2Hd9zz8w70yGz6Tilb/
                                                                                                                                                                                                                                            MD5:47C0B2B8CC6588F2A15102D72C7EDE08
                                                                                                                                                                                                                                            SHA1:F6A166B0187034D145405EDC2768D38EF33146C2
                                                                                                                                                                                                                                            SHA-256:F07438552FA00CB5162496E4F2B28F65CD6A4B00DDF55D2A81D199D0C27E6B01
                                                                                                                                                                                                                                            SHA-512:B25B8A35FB9E4ECBB42534B1B3EE1A6A4201FE37FA9A5EF3244C9FFF4810A1D5326C88DDA321E80FA6D3A97B82601175C58511D29F851615457DFD322C4C200C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):218238
                                                                                                                                                                                                                                            Entropy (8bit):5.500424742834676
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:Qn9+TpDs0JIReHsIHqlEmLCfknlY7jWTjTWeU8vRiGz8ry/ZWNP42RsHRYo2:Qn9/0egsIHYnftRiGztDRYj
                                                                                                                                                                                                                                            MD5:71347994A421DBF425662118AF56C443
                                                                                                                                                                                                                                            SHA1:E0FA1F936A7F74CE82F5EEB65B539567B14D15E7
                                                                                                                                                                                                                                            SHA-256:E9DB38929474FFA230FFADC27660E8D37E882FBE462E7EFA08E07E6F420EF403
                                                                                                                                                                                                                                            SHA-512:994EB2E561A96A97A030C25B8F0F2BD8DC8F332BEAB7D9BE081A478B7766351A93A2E8CC9C932C2959C6725FD7D2B93AF5F894E1A2D7D06EAEF16E2BAAE8FB93
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):387722
                                                                                                                                                                                                                                            Entropy (8bit):4.837634876889597
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:x9OX8kykLkn2Ma2hAM3eWrm4umqat4lFvkIC7x5ZimgDqW7bavxJsU+XLQPJS0GO:x9OX8kykLkn2Ma2hAM3eWrm4umqat4lq
                                                                                                                                                                                                                                            MD5:E7A605E0D6E04468D8A28DC4591161A3
                                                                                                                                                                                                                                            SHA1:07200D4BE98459C7CBE20A38DBBC3DCD8393FBA4
                                                                                                                                                                                                                                            SHA-256:7A14061D24CD9ABDE15A56314B6082E414B75D4AB2251BBF3F811F1085B6BB60
                                                                                                                                                                                                                                            SHA-512:3416D5E8A05D75A5B60F6BEC6836814B45CF2A8A9D4905D23672028B3D087B7F86BD7CBB9DA381F702245009F51DE8D6E797719B1C20927C0E8D754279F24CD6
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):181246
                                                                                                                                                                                                                                            Entropy (8bit):5.546919367869908
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:rmoOpjHeCY3dlu4CltwM49eR4+8lyriAZm6GzoEpqH6WuQ2oRgglg8d5AS:qoOpjajM49eW+8l+46GznQ2ozv
                                                                                                                                                                                                                                            MD5:1F127BBBD8E6CF5F9E4A98AE731C8B87
                                                                                                                                                                                                                                            SHA1:C30636030CAFBE0972E5ED59D3972262716F3552
                                                                                                                                                                                                                                            SHA-256:6E466C5445AB44D22B300CA26061D8A23B45DEAECD56B3843BED4191468A0D82
                                                                                                                                                                                                                                            SHA-512:8644B558CA0757F53BB9E8D0D5B9F7FFAD1ACEB648696F5774F888B0B3D6B3708A4B28DC80FBAFB05C4E4F6D9BE6DA8069C1270C03240FA29DF1B0F982B1B86A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):182614
                                                                                                                                                                                                                                            Entropy (8bit):5.535427154888747
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:9c4eClhTz7vjYUP1f4Clu+M49eED3JBcyF/Uk4HGzKEphBqk8w2oqggl4lxvaBv:9zT91M49e23JBceuHGzOw2olG
                                                                                                                                                                                                                                            MD5:6032FD2B0B129F278FDCCA1DE6A48A58
                                                                                                                                                                                                                                            SHA1:4ADFBC1742399C1C9FF2FB43F41C018B22510BC4
                                                                                                                                                                                                                                            SHA-256:602D1BCD34DFD64D903511C8C86B2D9099D508E8E29DBCFE5631BAD77049DFEA
                                                                                                                                                                                                                                            SHA-512:2AB832CC4D67614F531B1756EC957D9DA181D1CB52E80994CE1F4969BB149201E6485B30C20BAE1D707E54698F6E4C92E00B0F7EAE5C0036659BCC210B8DAF1D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):216518
                                                                                                                                                                                                                                            Entropy (8bit):5.4044282508656325
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:UDPC53pYMdj5U9s4G6OGzw6ShhKObfFmd:0Pk1jUjOGzEKObfFmd
                                                                                                                                                                                                                                            MD5:599282267A7DC09B889B51D344DB9589
                                                                                                                                                                                                                                            SHA1:7598EAC038A194A3703E243F40D066EB5E7251AB
                                                                                                                                                                                                                                            SHA-256:55C699B42F85E2731501F2FFF6BEC70EF2E1B22A44916CDF7A779966D0F0F36D
                                                                                                                                                                                                                                            SHA-512:083F276C91929A631B69EA508793CB268E09EC4C656C49D316CD6482A17074DF4B93E0D9A08AAE16B7FA5AD802EF1EFB4D71E477222C589AD8CC6C7B5A4F7781
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):220387
                                                                                                                                                                                                                                            Entropy (8bit):5.38015309500299
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:gyKjLLfkjrePEPJL1TPoPGVm28NvGzrwSbf116z8T5hk83:gDjgJLSuA2MvGzj1+8T/k83
                                                                                                                                                                                                                                            MD5:01A85629CAE9F611EADE72BE40B180A3
                                                                                                                                                                                                                                            SHA1:54CC3044BC4EC327E46614CD3AF629778724620A
                                                                                                                                                                                                                                            SHA-256:846007823D3694623C0AF267DF55CAA0BA09B81EC876770D4080B7CC2B37D127
                                                                                                                                                                                                                                            SHA-512:CBEBEDCA25D3379DE9C8EFBE03BA181DC4EA2C16A41D4B7B63DE78197B9790060576DEA3C85F4DCC20E2AFE04C623FC17825D8676199BD87C49D905BD6B4E52D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):195898
                                                                                                                                                                                                                                            Entropy (8bit):5.5094358617440555
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:pfG6QaKJrfZbEaVS8HikE7Gz/B0oNxlSGNKB:w1aKJrBbEaA5kE7Gz5xlSGNKB
                                                                                                                                                                                                                                            MD5:72F3746D1BCE919D7A9F594002DEDAD7
                                                                                                                                                                                                                                            SHA1:5AFEDC11020C7D4860DA8889D866F54FF89FC299
                                                                                                                                                                                                                                            SHA-256:CD9236C2D42B0B93DDA4AC6B4759F3EAB72E4CF7AE12AAD6B18A282BD5597DFE
                                                                                                                                                                                                                                            SHA-512:7B1F7D7CE5AA42670FBBBAFB32758511EE12330CD98D573BE8E4AB1A5212B094B8C05E798F2ECBBD7E3440DF3D7A982B2953D4E6998205E863C811B536BEF34B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):310038
                                                                                                                                                                                                                                            Entropy (8bit):5.1138154297993665
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:zR07QyOoiW7CXkbP803LqN2DsiWA39J+FtnoaLeOnbVWcan1baX328H1jvgfyf3i:zR07QyOoiW7CXkbP803LqN2DsiWA39Jz
                                                                                                                                                                                                                                            MD5:382371AE586D2374C32DE690CC765923
                                                                                                                                                                                                                                            SHA1:D62A65457FE708ECE7C78D01880DA96ABC31F42C
                                                                                                                                                                                                                                            SHA-256:5426D547966D0C533E6F6B2171D88B54600CEDDA112EB4AEF371E4A8FE1C831B
                                                                                                                                                                                                                                            SHA-512:8E1B332FE7C7B7A9B54A55483640DBF19DDE2278EA9E913FDDB0D004C79E57DFB62C5E9A0DFA9C3FED7A94566A7C3B3D6DB9DA84B4B44CE0EDCCA507F15BC60B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):202908
                                                                                                                                                                                                                                            Entropy (8bit):5.444487253154988
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:YeTkfKGhsEF06cCSx6QG0529LQXn2anYCCkFAkA/640IQfGtATyzlUUFpeiXHQ4M:jcKG7cQQ74kPmmfGzeRHld4X1hwcM
                                                                                                                                                                                                                                            MD5:C152EF7B4C7B9C46A31C6EB100988B1E
                                                                                                                                                                                                                                            SHA1:8409B628642A0471024001CA119A1C340EE357FF
                                                                                                                                                                                                                                            SHA-256:CB83ACC53E2A1256D697D9B3DB66AD2528634E62A7479F59A8F5B016518D2052
                                                                                                                                                                                                                                            SHA-512:9713712491C78BCF1DE9D403906F98B3034A540085C59EF4EBF4771F019B03A7914BA4F06A8E01C207C97075A5C1AE79780C492A7173A89D77783E5EDECA4D28
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):224444
                                                                                                                                                                                                                                            Entropy (8bit):5.228648065023812
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:bPZagHzi5cmvTHf4O14Nngxo/tgNFfX4WDZM3obaSRUA51SQHZ30GzUOoirpMC+O:TZhHziymQg1DZzbaSRUA55Z30Gz2fcJ
                                                                                                                                                                                                                                            MD5:5049197EB9CD66BA4B99950BE0952ED0
                                                                                                                                                                                                                                            SHA1:EC9142FE23BE77049CE5B6EDEAD5E12526F013C8
                                                                                                                                                                                                                                            SHA-256:206EA11AA7D55AB1DE9FF105330CCD932D5F93CA19B886E29AD1D0CC7DB3F8B8
                                                                                                                                                                                                                                            SHA-512:8B5F08683F844C8889ABC6AD52BE2FDCE431BBAE27048559EC43ED98C8B2F21C7B367D8B3B00A386C24C8A12F29A76EF4F2711CF42E5F0B1F712FAA282CB67C7
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):234980
                                                                                                                                                                                                                                            Entropy (8bit):5.421057409292579
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:HGXatzmw9UGf8pwG6uwTVUuKv/66p3bW4+a7XGxVG6r+Qd9QbUdOuNGzq3nXrotS:HGBw9Xf8pwG6uwTVkLWzFxD+uDouNGzK
                                                                                                                                                                                                                                            MD5:C0553CD71822D64284A1D70F17CB994A
                                                                                                                                                                                                                                            SHA1:06943882BBDD32BB0E725803BCBE82FAF93EA304
                                                                                                                                                                                                                                            SHA-256:5449A77A65041E434E6A5F6BA771274B8866F86E8C83C8BA7B004460E596618B
                                                                                                                                                                                                                                            SHA-512:28D802395B54450E60831A8C0263BB7C1EE8AECF4A8B6B33C66C4B22DB841C20608219A361C68D420B811F5CFDCFD917AE9C86553B022D0B1C408AFDFD7011AE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):438088
                                                                                                                                                                                                                                            Entropy (8bit):4.403869975349536
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:p0u0GmIpJw3jK7hXKZvmRef5aBN9kRB8blGS4e94rqWHD4A4ZunuVm9nh2jssscU:p0uNYMMGzDDm5
                                                                                                                                                                                                                                            MD5:AB93A11D453C5121D21BBFE30A4C054C
                                                                                                                                                                                                                                            SHA1:69E9CCABB3D5558AD9E5A34E74527623F53E2D56
                                                                                                                                                                                                                                            SHA-256:0B7CA560C30857AC884AF9228558FC1C57C14A060990B8854D5EF2A915A6BD78
                                                                                                                                                                                                                                            SHA-512:F1F5952FC3D508888729CDE039672094D9087468412FBA525F472EF360D2E4CAFD555E3607684BDC05C3B1C73CF64804EF79D0669BDAEC6D535E4731011701FE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):257192
                                                                                                                                                                                                                                            Entropy (8bit):4.806961562543729
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:8kLBv8H6YVIf5XfQw6ojR43EjnB3cfsz6VVKOn0ZOa61W6JM9Dp9GzO4dzk9i5k5:BF8H6YVa54qo86VVKO0UMj9GzO4hKi5+
                                                                                                                                                                                                                                            MD5:2CE618F91B220F10F9D499F3B6D0B629
                                                                                                                                                                                                                                            SHA1:BA8B32DCE9A8A1376421457298EB73F11E6901FD
                                                                                                                                                                                                                                            SHA-256:1188422388C88F340096163DB3E72B934B1F1F43419470BF6C3F5AFAF2B1C882
                                                                                                                                                                                                                                            SHA-512:852A7AE2B8287CF9BC98E9688C1C616D763F834A253B6B2A11267A818E574C6F4516BF217D66C823A3EE20997D9B5D8B4019E3D855CA9F54E93EC563292F96FD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):445678
                                                                                                                                                                                                                                            Entropy (8bit):4.396873847313936
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:ou37hisFrMsu3DhoSFNAYaZxCh4Yknf521DI0BUVWmU8GzKdkaXB+l92FhgPtem2:oyiIjGz1JQ55
                                                                                                                                                                                                                                            MD5:60D977D28A3DAA8527A3D59B06F49434
                                                                                                                                                                                                                                            SHA1:6C81AD72072AAC5F555846A49F22C50A7EE5E4D3
                                                                                                                                                                                                                                            SHA-256:867DF17ED0158F655C3E41C170D65BC484589A38D6A0D355C6E8FC457395AF94
                                                                                                                                                                                                                                            SHA-512:02ED4F340E2EFAF4533C2AD0FFC992CE41DBC48D85097E689CAD3A9C6F6CF5DE626AAC4316FA407363A9F97BA3AE3EF68A256B75DE3B9FDBEF04F9B001B80922
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):210116
                                                                                                                                                                                                                                            Entropy (8bit):5.560059770538138
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:ab/z9prV9kUXTHemvdU0UiLZa8Qt/azXTpWDcRfHa/Gz9MXtUDW4kxB9ugayV8:ab/zx9klWva/Gzx8DG
                                                                                                                                                                                                                                            MD5:D35042035A60FA954A746760D4087F2D
                                                                                                                                                                                                                                            SHA1:82F1A72B32E999569521272C83D9ACA2C256DF2E
                                                                                                                                                                                                                                            SHA-256:EDF4A903D14BB4B523C898CA8C1CC41DA5011112C98E8BF8FD95D4A789DD406C
                                                                                                                                                                                                                                            SHA-512:1C50A796374A8C3688F554836F66B0EA2D6C055151B91D4496DF63E4E124E2C197429DCE056370761052266C00550AAF5F04A5F33A32F3CCD871E19C2E34BB86
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):230900
                                                                                                                                                                                                                                            Entropy (8bit):5.685821417073077
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:1RCKp9HqLqM4HPfbnRGzFBi6P3UlYemdpEU:eKDlMCnRGzxP3Ujw
                                                                                                                                                                                                                                            MD5:51A14E1E1F5AD373442B4E419F739F34
                                                                                                                                                                                                                                            SHA1:1FC314D05BE5E1BDB29120B99241820233FD0E27
                                                                                                                                                                                                                                            SHA-256:F964047A71231A5C550B14F1E05A38B64899806D98304D07CA85C59962161E68
                                                                                                                                                                                                                                            SHA-512:DC3355B80C5D9C4013BCF36ACF75F12AC83E393F8FF8C96F8B153E3AE4D08F01FBDF96FF01BBA4CE01A4A8A3C2CE0CCE7B8E07DC492E312EA863AD9E71C1F7DD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):194761
                                                                                                                                                                                                                                            Entropy (8bit):5.409644577713678
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:EUacICUgaLEo/SwlIGcFZE8rhBCkvCOOo+9B5SBwOr+EqmTMGznj8aj/8Ke5KWVs:2crUb7amiUPs4Gznj/WtIsGatW
                                                                                                                                                                                                                                            MD5:53571F7667F105BCAE920CE05816EE1B
                                                                                                                                                                                                                                            SHA1:91E851826C7A4D35047B164ED6A3F51DFFDE5558
                                                                                                                                                                                                                                            SHA-256:5E2CA5F1DF58F9F300793EC2EFA5B260C1F21D357158A1C07398404638641436
                                                                                                                                                                                                                                            SHA-512:2AE8D1CDBD85D82AEBC850D0FE74E5F458A79476C9F819EC9BC5B6556548828E3527282802B4F14F09CFE1A5F19AD96B4AF7734708AD1069BE8335F424B5F5EE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):213013
                                                                                                                                                                                                                                            Entropy (8bit):5.334158451356358
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:O6Kuu0iwSE4/mUs21V5QfZAD+wFpOzQz/GCedgoe14pL3wLe9eHuZ+bWKBF/4L+j:uwgZoMGzV5s
                                                                                                                                                                                                                                            MD5:743EDE3F04BA082620FE72458C0176C4
                                                                                                                                                                                                                                            SHA1:F24F0D035D0B489C4A3FD096D42C6271FEAC218B
                                                                                                                                                                                                                                            SHA-256:37D33E1B61990AF13F5CB5EEBBF3943EA88E0FCE40778958103DDF3E0A77DF65
                                                                                                                                                                                                                                            SHA-512:FC43AD216217B9ECD897358EFE5FD7ED4C7606AE99766B8AA450B007BC673342CF429C572B4A7BA4CB2CD6FA683ECC0921E90BF55C74BFAB22912F449544FB20
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):262111
                                                                                                                                                                                                                                            Entropy (8bit):5.792368396857435
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:+uU907oY9rAJ8MnG2PkwL4Hsm8/w6NUTMI6GzilHaIUreEb9+T0DN+Vj4k:bUG7oxq36GzOMgjVV
                                                                                                                                                                                                                                            MD5:F1CFD8C5FAD811EB0E55D4A60C8F911F
                                                                                                                                                                                                                                            SHA1:7F526F7A35D75AB5309AEF82C3719A91533DC8A3
                                                                                                                                                                                                                                            SHA-256:169E04F708B599954FBD3B481DB41F54E2BCD478F37F9A8058DBB494EDC7EA34
                                                                                                                                                                                                                                            SHA-512:B9AF6FAC52AC54225C6975E5F9E42C86A05A95BDBCE24BF03F297A0093A3BCDCDCAEB6D06D5A68DDC0EEC79C51070FDF3FF6096832B057F2E74499CF2DF93B85
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):506146
                                                                                                                                                                                                                                            Entropy (8bit):4.299090677226852
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:h/H9wVBZWoiz5BnGAMCQ06cMQkUqvKMEVpgpxMyiGL3SRW9SNXO3uzciqOR45Gzo:h/HY+ehJiKGzIa2j1
                                                                                                                                                                                                                                            MD5:6A7A579CF1E048BC7CBD50F3CF66A92D
                                                                                                                                                                                                                                            SHA1:7E6A4B2A9320F14A49A921F94C44A8C3E8078C9F
                                                                                                                                                                                                                                            SHA-256:FD8B235D766FAE1314D6103CB341C5BE3257C25C66A633186A229B381772A7CC
                                                                                                                                                                                                                                            SHA-512:C0D82F273AEB875F35C4F6CE3AC4184B55D49C017702AA36DF68C0AE13B410CE814C9C763312E047B599CE8ABB5C225CDD78AC74D3C3908B8D303757A86C2632
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):221595
                                                                                                                                                                                                                                            Entropy (8bit):6.145352559176205
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:3325obpYHwfF+mpvz+IQDcw79mQ4+kP7AW50dUjUGzV7QWmuLS1l:HIocw2pkCmjUGzV7rUl
                                                                                                                                                                                                                                            MD5:FA5BB897494CA34200335C073E30B9C2
                                                                                                                                                                                                                                            SHA1:2C5B5C9CDE345E1CBC390BC429C42F2B10BB58D4
                                                                                                                                                                                                                                            SHA-256:94A6EF88AE05F7CCA17B10588EEB4237766E9DF3C24B50A7EA532E250AA40D47
                                                                                                                                                                                                                                            SHA-512:A10F79E16D5C3D51F1C19381CA73411E7AF1A859F31785FE94E287D9CAE87C2AEB9435737D4B64B960A53D3E0BFFC5A7E347C78A6A2439CB5A94BF79C5E57E85
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):224683
                                                                                                                                                                                                                                            Entropy (8bit):5.666541442325111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:zFrbmFyIFqMu1LCinzYJ40QE4yDDGz7lyLIzL6SP:BOALrBU4y/Gz7DzL6SP
                                                                                                                                                                                                                                            MD5:F8819542E19129FB68C5D2B79BFA66AB
                                                                                                                                                                                                                                            SHA1:440FC66E6B1EEC0AC7ED4E414D3EB91A06BE765B
                                                                                                                                                                                                                                            SHA-256:27849698AC0C2E3DBFA4EA903F4CA366A422217AA7E9E5FB3010629CDB9FAB47
                                                                                                                                                                                                                                            SHA-512:5311871273EFC3EFB47C0C8B63E7DFA44FF6074472AF1E208AA3DBAF076A456632E61F57AAE32DA4A67D2CED8EB293A6545A5B848EB34A7E738DEA9E71C7BD04
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):224601
                                                                                                                                                                                                                                            Entropy (8bit):5.659186327144055
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:/YFZ4qkJ9JDeX9epv+YKK4rt+o4wFXHPFGzfvMyko3mw75izfbXk:Ali9xAEmYKK4UDwF3PFGzX7mw75i7bXk
                                                                                                                                                                                                                                            MD5:B2AE3A035BB8507E1B4CE58E8712053C
                                                                                                                                                                                                                                            SHA1:0486EB421F138AD65C4E63D6F95BDD210E11AE5B
                                                                                                                                                                                                                                            SHA-256:3607DE3A4A1C209D874872D6916E501112B769C7F2DD6B00B77BA6F9384CBDA4
                                                                                                                                                                                                                                            SHA-512:EC5EC998FACF4CAC346607AD364405A5D1C38171A9C694454B65C3F2EF52A8C564E25A8AA1E9604CC09E15CC4E4A3BA18AD66D8D05E21C27FD5581E8CDD1BF2E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):550210
                                                                                                                                                                                                                                            Entropy (8bit):4.334797155956397
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:J3ULYYybaIG4j6xBv+JJX2BdApXtXUKdPFZXd+GzokYrHpd3yhKc7Wi:J3ULRsGDOztHdPFX+GzRKc7Wi
                                                                                                                                                                                                                                            MD5:0CBFD53DC7FF94709DF670B289B42B33
                                                                                                                                                                                                                                            SHA1:484B267ED91A5CF09D9A50B479C69AD1D029E811
                                                                                                                                                                                                                                            SHA-256:9A0E74399EE776DCA3C97E9E3B13C74B8809F1BC0CE0905A06E2CE99EB4C8361
                                                                                                                                                                                                                                            SHA-512:D8C34AE527C870D276467CF5A9D51F9F6A0501BBF5A655F6F04A942F24A05C27D01C95D579D9CAF42A611D00FB7754B3D22A6A91A03D3C4E7DAEEF81A4B78D28
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):440757
                                                                                                                                                                                                                                            Entropy (8bit):4.377042891873762
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:CAuxfI6HNNoPilaDYf+ual24MS9koZSZeRerwCJMtlvlfCqSVK/V4UEaEFFgmdZX:4xfxHNpui03Z6ZZGz1p/0
                                                                                                                                                                                                                                            MD5:833C6951456D48819D78819D4C440980
                                                                                                                                                                                                                                            SHA1:6521462F408F6B4C721CF5BB3D9A0AFE7D20E688
                                                                                                                                                                                                                                            SHA-256:2CDFEF5AA4761534DA84E26E0C34848B55168F1E9F3C352CF7D3DE461EE11FDC
                                                                                                                                                                                                                                            SHA-512:126E24BF51A5A60A19C34C47E900A78726E24D7BC47A54623C9C6EC1E1C9F198B5F2AA0B42FCC45651303F9AC0F27D249E2827930FA289DE1528C4E9B54F65B4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):201417
                                                                                                                                                                                                                                            Entropy (8bit):5.308720465961804
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:8PlQeTMQy3p1g17j4bT+dWilVj2DQGzajWzC3W3e/A8unI:8P1TMBikmlVj2DQGza9GSr
                                                                                                                                                                                                                                            MD5:6C70C727D9035818712A50BCFF79311D
                                                                                                                                                                                                                                            SHA1:54A6D541ECBCDB0BADA2D6E00ADF127DCE66BBB6
                                                                                                                                                                                                                                            SHA-256:DCA1D86314E2DA07734DD3B506D8B591C0AB8516539890384ADF71022A248D02
                                                                                                                                                                                                                                            SHA-512:EBC9359B84D2C5B32FC5E8FACC1DC9A3419D5C49A589D3A1E0C2BE3308822D2E334B0880B372343397F7F8B8CAAFAD84700BEC796C257050C909C2ACAED96B4A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):197705
                                                                                                                                                                                                                                            Entropy (8bit):5.456447331213645
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:sa4p4nRstgRBGglhvBHi0CpvkmISsGzdF7:t4pMStgRBfHi0CpvkFSsGzdF7
                                                                                                                                                                                                                                            MD5:F690B1AA2383227B8C4463DA4836E12A
                                                                                                                                                                                                                                            SHA1:98754C4A11CE7AE46AC451FA2FB0CDB29D4C2EE3
                                                                                                                                                                                                                                            SHA-256:DBA1C03B1CD0F5908DAA047C66B9B0E030D1C8F3044F0B1ABF7805CB922BD017
                                                                                                                                                                                                                                            SHA-512:271F868FD60C1758D5C506EEDCCACF936A7F77DC612FF40609F2280032EB9AB538740F60E673EBBCB1DAA5497C1A2EA967463F5AB39AF9C5F986F8A950F4B6BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):207464
                                                                                                                                                                                                                                            Entropy (8bit):5.387278602823229
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:6G/I9RZ451jRwMfZg+/Vc6rlahkB0+avpGW5utMfhQ8JyZZaI8r4EFBp0Tc9G+Ix:6GA74lKp0UGzv3dvJ
                                                                                                                                                                                                                                            MD5:D935CF78699D515DDC9A9323550A33BA
                                                                                                                                                                                                                                            SHA1:7DDEF0E0851684A97CFFC158EC2C9EB9E1D30CB5
                                                                                                                                                                                                                                            SHA-256:DB91AC80C52BBDF3A6F359D552BDE4573D3BEA6B84FCE3362B30412A3B5D83D8
                                                                                                                                                                                                                                            SHA-512:DA73F38761AE8F12BF519EA305262E26A08047B084F915D843A32427B6D04055E6B9C63FC9F26D8235C79172B6635238B755E10FFF02018984C29246F37E875A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):217685
                                                                                                                                                                                                                                            Entropy (8bit):5.7745553191633485
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:aBQfuVjFzTQRqMbPB4nVUFzd8Bd8d/lZmqKGzqrxCoqRq7DiWULf:aBQfuVjFzTSbPB4UF5g2/ZmZGzvCORf
                                                                                                                                                                                                                                            MD5:A93A81C359048EC5220DC4B7C77CDFA5
                                                                                                                                                                                                                                            SHA1:B43C38D6C0F78963599D7416422B9150F4148CF7
                                                                                                                                                                                                                                            SHA-256:D1BFF70EBCED2F783EE8965CA7956E4A0CDE688559BD343819A301B0F264B97A
                                                                                                                                                                                                                                            SHA-512:36D46D6904A0B4832C0FADEA788756391675CCC8D5D287B3B98D3B2A15B80E03D310AE6F02571C9521FF8E271B620F71C73B47CBC5C2FC7CC7663D1576F7955D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):213598
                                                                                                                                                                                                                                            Entropy (8bit):5.468272951929252
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:1nCnQIMisJtMIoCqW+5Ox9UcNzvyzczp8HJhWOYGzI3StrpckwGMRk:dCn9MRJ+u4WNGztwGH
                                                                                                                                                                                                                                            MD5:FC3436297593F206BD0A33D51B53E285
                                                                                                                                                                                                                                            SHA1:0293321D04097650CEA45D04B88DBF3F236E4CE6
                                                                                                                                                                                                                                            SHA-256:71D2553C072A5A9CC0264512F00579DD5FBA14D0F69F0CEE4109660750CF81AE
                                                                                                                                                                                                                                            SHA-512:517DB7902CB21EDE388C0B1CEBEC567C727987A540EDEBF058FD956651FC3AC8A62C42ACD01D72D8CE13FC34AAC4F6B9AB4DB377869E2F30455B49F5727F6FB0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):217817
                                                                                                                                                                                                                                            Entropy (8bit):5.441317944225942
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:97ljojZExjmgTxDap/02w7hc7LJaPn5IBt8nA4ooGzzEDMzYByJG9kiqtkPO:97lMjZEmQa7L0lGzJYwtT
                                                                                                                                                                                                                                            MD5:1EF51B9A757EF1205B41D62F79B49CE5
                                                                                                                                                                                                                                            SHA1:7056A8DDE223D6F65C9AF106C6F1DAC17DD341E6
                                                                                                                                                                                                                                            SHA-256:4EC35CB6F4C779FAEBA66B10A1CC96BD2CC3C66EFA15E683BC0E2CD520EFAA58
                                                                                                                                                                                                                                            SHA-512:FB6DC780A7ED6EF325A15BC2C7871607CB4E16BEA82739EAE144AEC10A0C7573879D57907C0D51B3B8DF17DF7F1F8446DC2CB4D24B05D6DDEEE12BCA27AA7F60
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):221714
                                                                                                                                                                                                                                            Entropy (8bit):5.506942434485236
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:k4xDqvozu1sHjoJia9U82jN6qPjfGzijwewmQ:ktveHjoYae82jN66fGzicewmQ
                                                                                                                                                                                                                                            MD5:EE2432B1B628586507DFA4BA0325F4A8
                                                                                                                                                                                                                                            SHA1:CDA23FCB2EB8E04FE93F69C5D58353CB20B526B2
                                                                                                                                                                                                                                            SHA-256:99D62E728882E7C8FEDFD8303A512BC1E0488F104F4062ED2B3D7FFF334A2BF7
                                                                                                                                                                                                                                            SHA-512:2F3D986C75A162029EB94CE99F67D5E9546FF2571E9C09D33520709A8BE5A679E07D516801758943DC05BA71CA4300A05C9A11680809982A956E09C40E05C961
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):333912
                                                                                                                                                                                                                                            Entropy (8bit):4.946354320691577
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:qzreCABmXsBoXN2hYg0nJA2mw+NLZ8lopoLvHU7zmK79vJa/LIx39KThwWHJqeRF:qzreCABmXsBoXN2hYg0nJA2mw+NLZ8lz
                                                                                                                                                                                                                                            MD5:DE3F2C81C2037F8A7DFC714F19E6E32F
                                                                                                                                                                                                                                            SHA1:F78DEAD510DB0B85ADC626A9A1F2BC45F860E35F
                                                                                                                                                                                                                                            SHA-256:99758AA83DB68871EE4E4C019984F0B49CCFB2ABDA95A2B726FB7E0D543A7832
                                                                                                                                                                                                                                            SHA-512:3AC92E2792B82FBAD65D05B72BBEBAD48DF7B5CD7B4D97C184E4818679F5305700285190ABF8252F02B329CEB4EAB8F757AD26137F1AF321D13C8DE92BBF857D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):228013
                                                                                                                                                                                                                                            Entropy (8bit):5.80213874806346
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:mBbiIN7OED6d3bme4ZVXmMyYEfFGTi+pImlPtlmn2iaL0NeGzyBBTQoaQdZRNwoW:0iIR6imwi+pIormZeoeGzyjaQdZ5GF
                                                                                                                                                                                                                                            MD5:6A9CCFBCD2D07B909C2A8F65BB82B3F7
                                                                                                                                                                                                                                            SHA1:96CF4D70DF4FDA018FF3A23A1A8C400066EFFF12
                                                                                                                                                                                                                                            SHA-256:8278073AF555CA8202BEA6E2B5C91E2F8CC3063933FBE2B7915FA2E6D35A8C05
                                                                                                                                                                                                                                            SHA-512:A126F92BD1D20D6222CA4674F1DA4255055E62D56A1A5F2A04F9DE5C94318D24D2F69BF5D182356DC932F0823A30946F6AC016BD2B3E1A0106789F6DE4E239B1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):209376
                                                                                                                                                                                                                                            Entropy (8bit):5.541914147056759
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:rdE1RDOJXNTcCZfn9u7l+/aIiVA0ib2Gz5BRPxGTTXCYqJ:rm1xg9glA0ib2Gz5PxGTTXCYqJ
                                                                                                                                                                                                                                            MD5:1A665331EACAC50A35C49A9D1FA98615
                                                                                                                                                                                                                                            SHA1:398FBC0D35B02BA162F814F55B946715D3872077
                                                                                                                                                                                                                                            SHA-256:452B896A94CBF70948841CC07B69AE10E29C9488AE17BB3F4FB5F7F73B102C8F
                                                                                                                                                                                                                                            SHA-512:75DEB1FFBC9F45FF141AEE8DD445AD5641182060CEBF7CB0375E811CD248BF2DB063296432961E55872478E7334C96C0509EB7627FE324A80DB9D7C02F0E17B1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):329949
                                                                                                                                                                                                                                            Entropy (8bit):4.855496489995685
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:V3ZF6QoNbVXpmK7dbAc4NRKSQ8hwti8bLo7rHf4iekdaJheKGzkp0cwVBAg1d1kL:VOXVdb6yi99aJUKGzkzQBh1zkL
                                                                                                                                                                                                                                            MD5:446E0C28F6255BA9BDBA9C0C73921111
                                                                                                                                                                                                                                            SHA1:E1DC98B94BFB181A8A55F3821B8C03913626DDB6
                                                                                                                                                                                                                                            SHA-256:95FA35C5457F3BE7706A8AAC672E203BCD9E77AA3B26B965330C92CCCA2D089E
                                                                                                                                                                                                                                            SHA-512:A0E449E1902767A24C17C98A53CF58F211CF23318DF8BD1A5D771687BA6F684B2F6C6437E4675B6F7B084D1197035614FC558A28FE50182A5AA06C85323CA6CF
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):198869
                                                                                                                                                                                                                                            Entropy (8bit):5.559046366566631
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:YRhfQKmQuoL/Dfyk+GtJgaO+EGzyO1xiVeU3nbdiL71T:Y/fN/uoKHJvGzzEbdqT
                                                                                                                                                                                                                                            MD5:C34D47B16B956AB98B35D9D2810325EE
                                                                                                                                                                                                                                            SHA1:5E5D3E0C522BE1A0B6D7E894BC4943E8421C6383
                                                                                                                                                                                                                                            SHA-256:C48A03363840FCD92BE91F4E14B9B13E05106F5C4105464FFA2C2A73C71E2463
                                                                                                                                                                                                                                            SHA-512:6D54685D12223F1AEBE0C26981ABA4DFEC925B0B481C37C6724783D53C1D956CF5B2A929B32675C7548137415F02AE9CBD66AFCEB8E6245466D48689D487268B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):203184
                                                                                                                                                                                                                                            Entropy (8bit):5.399627811080787
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:ta+3hQgmdVTl44ZDEhf50dR4cEJ8zBeDVZhGzBz7OTcXRED/j2Sqt9g1Vh4xHwi:tzGROthkecK8eVZhGzREDaSZt4xHwi
                                                                                                                                                                                                                                            MD5:3EE244FB4F41722DE1FC67420560E849
                                                                                                                                                                                                                                            SHA1:3A25ADD92438C199A1025A716A725F8D4BBBE540
                                                                                                                                                                                                                                            SHA-256:48E72F24A44326DE5455DB825052C6C6DCA7C271B63B7AA9EC1A4CF30F7F4890
                                                                                                                                                                                                                                            SHA-512:C362202B4CD57B3FE80230B39DF758C6E2058FC8B039DADA70DE2F9ECDB9C4220421319B6EF6EB675F1467661C222D45DB1037A75A254EFD9A8A53AAA68D2492
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):513905
                                                                                                                                                                                                                                            Entropy (8bit):4.136344055675861
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:jRCfyB8LAzaIMKJKfK03Wdy2ZsZ8EgTH3g2LDZq2tnfrwQzAiyiDjjFY/c2sEoVV:jRQAzPvnrAGztX26Xb
                                                                                                                                                                                                                                            MD5:27DC76ECEA86DACB0D76EEFB74E1F3B8
                                                                                                                                                                                                                                            SHA1:57B62ED78C0DE5495EB226E63A9061597B0BEAAC
                                                                                                                                                                                                                                            SHA-256:1B6CF53B491528A39845D0B3386FE88BCD9059C65449B5A70FB99322E4693AA0
                                                                                                                                                                                                                                            SHA-512:8B29607EE0071327682DEF71A23D676901269D1DF088F7D2B4EADFD091D41C5191AB031A7D2ACA4DF7B4D4B236D54254E4575D08A0B101806B76EFA63C124661
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):487541
                                                                                                                                                                                                                                            Entropy (8bit):4.328991640933705
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:QQUokiFu09e0zhh6gVTNX3yd5qe37MqMD72Gz3NuhIZrY5/SL:Q6P2GzT
                                                                                                                                                                                                                                            MD5:4DCCB718D72492BEB23A79E6102D0D0B
                                                                                                                                                                                                                                            SHA1:CD0595C666E9FDBB3A93B4ABF6B5140E0AB2795E
                                                                                                                                                                                                                                            SHA-256:32E6AA2CCC5BE605F77B91182772AA67F3CF156BC8B63DC0F5A34E7ED9A6AE09
                                                                                                                                                                                                                                            SHA-512:3109A6049788B496D9C349716BD171CEBF7642EFC9E02B9D34D790FD4B93F04BD1B3C614D46A7216B8484679960B3A9F3633ED0D26F4E2D02068A982F251DE0B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):418001
                                                                                                                                                                                                                                            Entropy (8bit):4.406866659556729
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:fvwt96sb89I3ujLhvdRsHCgMXWcPC97lhlzUbgbh/4AaGzds+mXIbP6O9hDrCZtG:fvbFGzv
                                                                                                                                                                                                                                            MD5:298EBA4D1EF60325D7F241BC59ABF6E8
                                                                                                                                                                                                                                            SHA1:7632C4866455891FADF900162E934E09F49683BF
                                                                                                                                                                                                                                            SHA-256:C8DD0B03FE3D87A6B3FF9FB27BB3278BA34245ECC1DD536F5B1356B3B08915FF
                                                                                                                                                                                                                                            SHA-512:3C12ECED7C8D6A1DB90DBFB59BC5C3E0528514DFBB372B683F34E0E14D4BE6D32D12100810A9A4A446BE6BAABC589C053FA4C49AA25F7620B479099F29FAC94F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):214696
                                                                                                                                                                                                                                            Entropy (8bit):5.644867588568881
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:vcur5xPict3JvYrYeA1DqzkqsYIC7KeYq+oYhmWhygV7Arg2yz7IUsLGUR+8Bbin:vcur9LDKdsY89n0phGz/lw66qCc
                                                                                                                                                                                                                                            MD5:0F5F88528E16553F139707F3604502A6
                                                                                                                                                                                                                                            SHA1:72BC19C0B8843CF82710B2EC6B6A0CB8F802BF7B
                                                                                                                                                                                                                                            SHA-256:2B4F3B58DDC5D202A09603538BCAB0EB6AC40B463406047A4BA4632624AFF5FA
                                                                                                                                                                                                                                            SHA-512:6F42CC378874D1070FC6D431E0580721E13415CE8157C694B7B9037E3D95F9815E3376395291233B6937345931869381E8A6CE93811A65CD22D9AB6A23D2125B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):344401
                                                                                                                                                                                                                                            Entropy (8bit):4.954021701080926
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:oDoqGl/PGnmXPAiraiceEni8Gzzk54LNiXEkCq6MWsui+4uL2uH:OoqjnmXLraiceEni8Gzzk54LNiXEHq6X
                                                                                                                                                                                                                                            MD5:1151EA254D8BD0153B24B55F33D91899
                                                                                                                                                                                                                                            SHA1:E373B50B923EABA226AC9B4ECA60D95F1460C7A4
                                                                                                                                                                                                                                            SHA-256:FDAE4D03529D074DCA720BF25D1A96E8092A4523746A85E881DDC407F2F173FA
                                                                                                                                                                                                                                            SHA-512:F31FE608B7E4C6D9F69981C4408D3CE4DDB70DD723C6CACE5A080644E0C19940CAF6E6F3BABD0A9FE0DE98867437E47B4024A44440777A07CB0F48E5EFAE5156
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):245743
                                                                                                                                                                                                                                            Entropy (8bit):5.838377255221245
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:cpQIo6h0DdCG028xaGdTa1x8fuwGzd7ORb3cG3:cpdHh0DdCGYxaG1a1xzwGzd7OhcG3
                                                                                                                                                                                                                                            MD5:BFAA2786070FD86DA7091206AF2C80C4
                                                                                                                                                                                                                                            SHA1:4601DD694EC848721EFED3796332F350B8815EFA
                                                                                                                                                                                                                                            SHA-256:B349996C541F1419E6CCC209078500978A24975C61851DA7AF1BAA8939EF76B3
                                                                                                                                                                                                                                            SHA-512:AF97AE201087F151CBB8A6CD8952B24BB93D19AA04350E1DC6324D3D9F96EAFA0074554EBB20B3E1138D1B403C730ECCA62BCB1BCDAF4B93B57E598144F3AB10
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):183372
                                                                                                                                                                                                                                            Entropy (8bit):6.706212830806129
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:GC1DShtDFlpCV5Zk6JZsjRyPJPOKpiZ5IWDrww32LGz2/ggdI2H1U+lEkL3SH:GCcDAs6JZsdvKpiZ5x8w32LGzUU+l8
                                                                                                                                                                                                                                            MD5:A3D45BE23B33298A4145C40B5E0F1EB6
                                                                                                                                                                                                                                            SHA1:097AB4E73B54D6F40F240CE7E45C6B3EF9FF5EE0
                                                                                                                                                                                                                                            SHA-256:5AA6ED548C3BEB18DEDE142D476CF86B10C6DFD5451BE800FD393EB89B996643
                                                                                                                                                                                                                                            SHA-512:22B74D250C6B7CC61F5CEF6660289FF0CB235A9A86E0924269E641ECC6799BE81567F29FE7CE0A93CBDBDD7352164C915F56E6790E15A766C2775F916664F61C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):184065
                                                                                                                                                                                                                                            Entropy (8bit):6.709126454968701
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:W/6QFKJHr4D20P5ao+gfCYgjq7IUPn57kSW5GzOuU83uRtedHlVh0U/Kib5fTU:NQIJHiR3IGzXUW1KiBTU
                                                                                                                                                                                                                                            MD5:1D39107656AAB170747FCA0CE47DCA0A
                                                                                                                                                                                                                                            SHA1:2C87CB238C9276311B24AE4F5BF76A09232FDE46
                                                                                                                                                                                                                                            SHA-256:F21BE566CDB18A7B3BAB71C4D6389DD0B2052AAAE887273B7FFF1E3B438200BB
                                                                                                                                                                                                                                            SHA-512:29E8850258844B0804E810CB9FE166E0DC22046876165055A2E07ECDCB3B2F30A942755BABE083713D18CFBE86D7DCA93B2D32FE142D0E04A8AFE0DB2D59222A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):218275
                                                                                                                                                                                                                                            Entropy (8bit):5.34737925007636
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:uUKt1rxNpyXcsR/H/UxRjh7uHRcdA4SSSLl/sL8:uUKvrxNpyXcsRf/UxRjhwcdAuY
                                                                                                                                                                                                                                            MD5:100F66BE85612F7DD095E0F468497F68
                                                                                                                                                                                                                                            SHA1:6D0B30428726D079AF3DEB3279033C268733DC22
                                                                                                                                                                                                                                            SHA-256:E8472A5C9291C2B46B7BE611EC994D5E37ED9EC1B473E50DFC9A94C9A923CEC2
                                                                                                                                                                                                                                            SHA-512:841A90B6B54FEAF47973990882D9A274B4E9F8E850E21A2B94A41B8FFD501969C77003C19B961D180CB2A0062B7E32A5AA6514FB34ABE8F1BA818795A2B91FBD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:..mirrors....(function(a,b){."use strict";.var c=a.Array;.var d=a.isNaN;.var e=a.JSON.stringify;.var f=a.Map.prototype.entries;.var g=(new a.Map).entries().next;.var h=(new a.Set).values().next;.var i=a.Set.prototype.values;.var j={.UNDEFINED_TYPE:'undefined',.NULL_TYPE:'null',.BOOLEAN_TYPE:'boolean',.NUMBER_TYPE:'number',.STRING_TYPE:'string',.SYMBOL_TYPE:'symbol',.OBJECT_TYPE:'object',.FUNCTION_TYPE:'function',.REGEXP_TYPE:'regexp',.ERROR_TYPE:'error',.PROPERTY_TYPE:'property',.INTERNAL_PROPERTY_TYPE:'internalProperty',.FRAME_TYPE:'frame',.SCRIPT_TYPE:'script',.CONTEXT_TYPE:'context',.SCOPE_TYPE:'scope',.PROMISE_TYPE:'promise',.MAP_TYPE:'map',.SET_TYPE:'set',.ITERATOR_TYPE:'iterator',.GENERATOR_TYPE:'generator',.}.function MakeMirror(k){.var l;.if((k===(void 0))){.l=new UndefinedMirror();.}else if((k===null)){.l=new NullMirror();.}else if((typeof(k)==='boolean')){.l=new BooleanMirror(k);.}else if((typeof(k)==='number')){.l=new NumberMirror(k);.}else if((typeof(k)==='string')){.l=new
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5777408
                                                                                                                                                                                                                                            Entropy (8bit):6.740926769702569
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:4XJr2urEwqgM301JURAXYOVghR87GwaLH+exYsD1ExXP2Cw+QmRrksH3snn/pJg8:4phQw/M3iJUyYOKHzxxYhbrP
                                                                                                                                                                                                                                            MD5:F89681A61E9A1BC85B02867D0008C190
                                                                                                                                                                                                                                            SHA1:8E8609240C242C696004908AB2D2D0040D5C3916
                                                                                                                                                                                                                                            SHA-256:7C058B8643EC33B1FD46C099A48A8F1D7E1E380AD488111F2007651C84F37F7B
                                                                                                                                                                                                                                            SHA-512:776E9E5AC0963A109F372B2A1DD2BEFB373120B637272DF8044985B47310C0FBCAF18B25F13D2F6674C1B668B9318834830EE0141CD544CE97CC60A42087D651
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):71894528
                                                                                                                                                                                                                                            Entropy (8bit):6.995441262210375
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1572864:8Fq7paXDujVxtB/i+fbkoZLxvDkUmRu/gexM+0g1kXu2UuFoFvy6T9uQkA7:8aVxtB/i+fAoZLxvDkUmROgE0fXey6T
                                                                                                                                                                                                                                            MD5:19A60A1933A84DAAEBEE60EF3FED9BA6
                                                                                                                                                                                                                                            SHA1:17BCC01BD4B3450C4937295F0F8A9CF35407F57B
                                                                                                                                                                                                                                            SHA-256:51AE35236BA372B796B65A6474B546AEE229CEC433ECAD23EAFB0497F9F50813
                                                                                                                                                                                                                                            SHA-512:CE1C96F36ED4352611112AB5C322737EE3423A4734036D5ECE54A95FB7046E2F8D64EBF330D0A4953CA42A9D197BCF7A3D2B71D93164161C4DF1AC234CE5FD93
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4127368
                                                                                                                                                                                                                                            Entropy (8bit):6.623143149221357
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:21ofvF4pW2xu+3ozNMWhPCKpIrPdDJUbSThkVk8DvJnvfbwTJAosyhTcpnq1SfL:givFCW2xu+4ZPCdfhkVpDvdfb6cq1SfL
                                                                                                                                                                                                                                            MD5:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            SHA1:90C450FD63C36E1255857878851F265D496C6966
                                                                                                                                                                                                                                            SHA-256:EE7F207871248C744AEE7BD029EC53C5A4401B3090FF9BF5F2C1B916FA043408
                                                                                                                                                                                                                                            SHA-512:AEBBBADB4D1A0B40CDE87290A35352E2FD2BBC6B51EB13B490D0999CC1940BE760EE1CA5E37A3C4FB4AF2E6881A4C98127A66CB87AA8A1364368ABB59FEF6CF1
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):762897
                                                                                                                                                                                                                                            Entropy (8bit):6.716362640764218
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:q6lK1KUa39Oz+3K0QYvFJLMRQ8UALw4L/oUVxU1oOvvfTJ7bDlIJM/7OV71YwlsY:z8ra39snUwUI/oUyL5DRj8ct+
                                                                                                                                                                                                                                            MD5:91F6676B40DE7D86D7BC4444D5820905
                                                                                                                                                                                                                                            SHA1:BE2F6F557885219444A9759663EAF699E504F4DB
                                                                                                                                                                                                                                            SHA-256:8205065283274C1AF5EB2C2ABD5B1F9A5B97893D6E4C2B9EDA27DB6EAA755A93
                                                                                                                                                                                                                                            SHA-512:2E635F4B36A098F5839412404C3E5D0CE02438082B12F16F8CD1BAB22DD56DADE9C2794690C7D713422D2AD85E242D1A8E9CD9FF1735B16BBDE218CF3BA4C99C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1019602
                                                                                                                                                                                                                                            Entropy (8bit):7.193346250260081
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:yoa3GSDwXR39dQjA3gMYIsLj60rd/oUrMjgs4jTE3uBUTN3:IDEXt9dQE3gRIamU/oUrMjbaE3vZ
                                                                                                                                                                                                                                            MD5:FAC606B2F06A2C09F527581BF925B0BC
                                                                                                                                                                                                                                            SHA1:82C95D8979CA2E2F9F984825C26B6ACE1335288E
                                                                                                                                                                                                                                            SHA-256:79A5787B1E8D1BC492AC389BD1DB2C6A0F4677542E5D86ADA15538D2DA42027E
                                                                                                                                                                                                                                            SHA-512:E1BFB13F219F3AC47F052FC3817E21B5AD0DF05702DF202E35A4B4C679F993783F4FE487FC8A3EA948FE7AB9917BFC1F6679D7084D390777CBD9E13472B2E838
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):422400
                                                                                                                                                                                                                                            Entropy (8bit):6.694383773669672
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:jHmCxIXlhCOwW51bM5CHOfMG9LwbeL2G0zPbwkg7B8Gy9AOID3:jHj+X6Of1bfHOfMGqbg2GKbkBNy9iD
                                                                                                                                                                                                                                            MD5:A2AFC1508381E830303542A1B8AE591D
                                                                                                                                                                                                                                            SHA1:CD684FD6DD856927C86202A34B8092E531E1BC4A
                                                                                                                                                                                                                                            SHA-256:4EED53297A5F418B5CA6F70329DA3CD6B2ADF6C799AC04916109C177C49A27FA
                                                                                                                                                                                                                                            SHA-512:605B8F6EC8A635797867CBDB991845A58A477F7F59F45FE9713055199F37BD0CDB341DC1220B7AEBA7301555D2445DD6ED3463F1D999707938E85DA1F710F6BD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5755269
                                                                                                                                                                                                                                            Entropy (8bit):6.213922800585382
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:KAx3gRAzJwVEtguWq/19Ob1HLCEqyUIGpXCALsScY9u+G1hdAK5QwJbeuRkoS3oy:VILCEwcz1h0
                                                                                                                                                                                                                                            MD5:ECCD15B0C17611EF15764070E9694DF3
                                                                                                                                                                                                                                            SHA1:63EE4639D7A0606FB502386CE4913B2626BCEA3B
                                                                                                                                                                                                                                            SHA-256:DE44C40234F1E31581A88CE9CD477FAAA419BD0A11A4F51277B6D596CCF866F7
                                                                                                                                                                                                                                            SHA-512:11AF8716E53AE267753A86E50A1D05E379E0831A5787F32575629BE7690BFAF2BA9C8B61B67C7F39C2B38306E1A995E8B7CC3976A301A679B9D544BD0377FE22
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1198536
                                                                                                                                                                                                                                            Entropy (8bit):6.0724872991141385
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:HbztrVZr3DoSHdbPOzwxxkNrBhw63E2Lf0Nyi6kJcMcOTN2I0vFi90o1:HbztX3DFA8orXF02Lf0NpJgU1mFi90o1
                                                                                                                                                                                                                                            MD5:1BD6EACB823E1A4C5F17516B45C85CE7
                                                                                                                                                                                                                                            SHA1:2693FB26D0ACEEA5001C6C8A4B5FE4B0C1735E33
                                                                                                                                                                                                                                            SHA-256:34F17BC88B07D6F0C205153E8C85629915EA93EBBF0F82E4C173E292BF3BDB08
                                                                                                                                                                                                                                            SHA-512:EC72E7E70EA361FFADE06E4324267243CC9907932A8797FCACBA1510745DA521F06365D3D6E48F8753AECAC51530F79D33EE6BADEDEDDE0980E7349E495C4348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):107520
                                                                                                                                                                                                                                            Entropy (8bit):6.3572540880058
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:wB0bzVn8icEY9OkFwaMZsDV4AcVrvsoEX4vpTb/sW9cdS8h5TQ0y4oVPYT:wyt8pEiDV701vJaSKq4o1Y
                                                                                                                                                                                                                                            MD5:973BCAD92FB7B30AB5A7A2F35E2EEB24
                                                                                                                                                                                                                                            SHA1:594477D5FF4626B2CA72E485DFAF53CE8BDF497E
                                                                                                                                                                                                                                            SHA-256:750CBA685EE7B85E87D4843F3AD9C549CB22E6FF90247373823CDA16DB7E2141
                                                                                                                                                                                                                                            SHA-512:144C362423CE4D5C3F6A45FAB4E9DED409F06764E5497B5D03E67EB51C5860F38DDE631553D6EF6468C0FBDFAFA7B4B474C2AC913F57C6AEC81665BDA1375536
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2013184
                                                                                                                                                                                                                                            Entropy (8bit):6.726531618207793
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:pIcO8JVs8rBf5ACKu43D6YMu+46+/imfywoMuF5P3Rv:pFO8JHBfIN3D6YF+ItywoZd
                                                                                                                                                                                                                                            MD5:1196BE50E7F9F56901865C0CFA76CA3E
                                                                                                                                                                                                                                            SHA1:5384443AB344DBBF558E0CFC155CBACE89121871
                                                                                                                                                                                                                                            SHA-256:2389E02AAB2A20D1067F4E6AC9D0E1961B99B64AA539A967842B3F60AF450365
                                                                                                                                                                                                                                            SHA-512:E9954D974E70F56E3FDAB4F1A3341F9A960E3D8BA4FFC26F26D1E0562F38E75FAF1627AF81E143E3DD25ABC780FFB4C37F339B6783637EA414B4AE485EB3D609
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1800
                                                                                                                                                                                                                                            Entropy (8bit):5.223532960977299
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:L286KGb28HL/RK28Y28vm1y28tJ28pf5pG28swy9IDi:68NGK8rZt8f8SV8C8pf5n8sNOW
                                                                                                                                                                                                                                            MD5:EDAB2AD532D5A2E8736176A0D455B1BD
                                                                                                                                                                                                                                            SHA1:10C0BA9E3D9A8196A6852F9A264CA378D0961099
                                                                                                                                                                                                                                            SHA-256:AEAC4EF506D8ECDA071169649D3A9D46344E8EEC246BA1C716499E9FAB05F7E4
                                                                                                                                                                                                                                            SHA-512:3C059E4BD497C22AD7DD586ED5252C091BC63753BCE2065D566C94C5B7F2BEBE5F858D2FC812052926F69F5465AEAC9389917EDDEDF1B7D0BFE5D82808DA9158
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:/* cyrillic-ext */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans1.woff2) format('woff2');.. unicode-range: U+0460-052F, U+20B4, U+2DE0-2DFF, U+A640-A69F;..}../* cyrillic */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans2.woff2) format('woff2');.. unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;..}../* greek-ext */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans3.woff2) format('woff2');.. unicode-range: U+1F00-1FFF;..}../* greek */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans4.woff2) format('woff2');.. unicode-range: U+0370-03FF;..}../* vietnamese */..@font-face {.. font-fam
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 16868, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16868
                                                                                                                                                                                                                                            Entropy (8bit):7.9880541218783945
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:AF92jnHaPlexnHnbJg3txyB4pRvbSJsLJKJFZ9n:c92bHsWJmg47D2stAvd
                                                                                                                                                                                                                                            MD5:4B60E71334D025BE8BD843ACC59753E1
                                                                                                                                                                                                                                            SHA1:E0350190D720A8FEC0557AB47B318EC4E4486448
                                                                                                                                                                                                                                            SHA-256:CDD6F09441727E4AC6FA370E2B8221EE3C2892265CB618AFA35643CBDD5B7617
                                                                                                                                                                                                                                            SHA-512:B7ED2906BEAE601AAAF9249BE565C1F6A6F29FD9D2C36F7C8338AAD97B4ADD5CD8F7023F8EB5491A660E252021BD247B8C65564F2D2C1AC17B7972D754A568AB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 9676, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):9676
                                                                                                                                                                                                                                            Entropy (8bit):7.974841909039616
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:pvu6iax1W+gxgsnpb2Ds8gS78nB9fxoA3sp5XdWpQS2Jm6P8ve:o6iaLexDnYD0mOD13svtWyS+BP8ve
                                                                                                                                                                                                                                            MD5:85759F54539623A05BF2E5A3F6799DAF
                                                                                                                                                                                                                                            SHA1:BE201D32A9AA5D186723EBB3C538BE691AA8C53A
                                                                                                                                                                                                                                            SHA-256:CF84A7B7066A47F6973D447ABE36D8B8247A2949DC66363F2CD861767885ABC2
                                                                                                                                                                                                                                            SHA-512:9BEDED6DB64CB808B4E61F0ED26B26CE03A20ACF68275A5CFE7079758D6A72A791F273A6E939018B338EA414D2E3B149C92BCFD0313725F14BAA87F1B790FF51
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 2332, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2332
                                                                                                                                                                                                                                            Entropy (8bit):7.869949868745035
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:Ibi/lZ1jAjJ+6p1/d4vfhRblBFRGLiGxrQ0EM4Jg5QsM:fZ5AjJ+8/4hRbFRtKrQ0E60
                                                                                                                                                                                                                                            MD5:F736E54388BFAAD417DF1B30814B6AAE
                                                                                                                                                                                                                                            SHA1:2C5B039B57F62625E88226A938679EC937431AD1
                                                                                                                                                                                                                                            SHA-256:5CED1FBF1C36965E6A61DDCB52D7AD7CC43A8A6096A8E40AE2405BFBB3153FAD
                                                                                                                                                                                                                                            SHA-512:4BEC4A9EFC6FDB22F805F5CF61F765C8DEB259C72748DE6069714AF0D4287B435583F8ADA6637DF3B139AE4CF5BD3AB805088C99888C10F54E9981C34DADC991
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 8160, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8160
                                                                                                                                                                                                                                            Entropy (8bit):7.9700811821881645
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:9+77Ihm4JmBCuXbtbyKjgBnw+3uqS8IxZrtXPyR6V:9VvmTtUnHTSXhXKi
                                                                                                                                                                                                                                            MD5:C09EA514A21D4A93BC0C4A96ED503A59
                                                                                                                                                                                                                                            SHA1:BE365ECA44760CE3FC9B377C43D4634958479C69
                                                                                                                                                                                                                                            SHA-256:F66947CEC51A5785E6F9CA02F45E8F0D22D43BA818ED114366D033E14458BC84
                                                                                                                                                                                                                                            SHA-512:19365BC788085CA00F86DC74ABCCC77B48CC9F0BFE11093B52165B049ADDA5DC16B48598BD878AE2816465CB1AD70A4F134C4619CE58C8A76FCF15380B05B285
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 5740, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5740
                                                                                                                                                                                                                                            Entropy (8bit):7.95831025079887
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:UEocAnI0DGeTJqMNB6x16AIoeqOqjk/kWA812MX9GPvlreZUWxajgCsQyN:vnAI0KetnBw5IqKkxYhXwPvlr6UWKxyN
                                                                                                                                                                                                                                            MD5:5C02962E1F9A25F98CC3CAB0DC1EE177
                                                                                                                                                                                                                                            SHA1:C4248EA800BD5608344CE163F5658B57E7EF9410
                                                                                                                                                                                                                                            SHA-256:CA17AE084F5465C81BA80EC29C647ACD772F953738940E874CCA265ED81499FA
                                                                                                                                                                                                                                            SHA-512:3D903B73B3D7129083DA4A7C9458D61A17C73DD489F273D46672AD75C601F3B790F695C667361AFFE020B0CFFFDB87B370F3ED9B4A11BED8B59E529D42A92D09
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 12288, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                                                            Entropy (8bit):7.973221791058246
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:yS4RT4Sxe82NOQXmzngpDbW6tyC3Kew1r3ZuhSZVKk4Ht7Y4kyv4VCK3c+J1aA48:/4tt2N7Wzg5NtV6/F3wcnKttU2vkCr+T
                                                                                                                                                                                                                                            MD5:921DD520C3FBA714997C8B941D51DBC5
                                                                                                                                                                                                                                            SHA1:113978181DCAC77BAECEF6115A9121D8F6E4FC3A
                                                                                                                                                                                                                                            SHA-256:A846F7AF6F32F2BE5CB922158882116AF42816A0FF71506920E18A3BA89456B9
                                                                                                                                                                                                                                            SHA-512:17CE9CD97314F7122879EC05B9A379E6ACFB6B4B5E9BC7C12A46CBB81B45B772DDC1F41471F4B6FACAC9010FA69F0420A7C538B6B9293A19551CF9593033C6CC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 15572, version 1.6554
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):15572
                                                                                                                                                                                                                                            Entropy (8bit):7.9810164149550245
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:js8NoiTYZhWLvKuU4dX+XD3lk8M4RedEEHluh/:DoiP+4dX+T3OCRkE6I9
                                                                                                                                                                                                                                            MD5:E64CAB167BBDC04807429D10873901A0
                                                                                                                                                                                                                                            SHA1:AFC44700053C9A28F9AB26F6AEC4862AC1D0795D
                                                                                                                                                                                                                                            SHA-256:60F9B5203842A4FE2D52F7C96F3C57B755BBF8F347535469739BCC6F95A9C4B5
                                                                                                                                                                                                                                            SHA-512:9812A394D05F56B70C1DE57FF6CCD46E15C2DB99A003138A0CC2210D08303746969A269F37583A6BE14C706C645FB923136E4231B3ED1FB47FCAF6209884CEAC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1418
                                                                                                                                                                                                                                            Entropy (8bit):4.698390719889073
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:UrrNeheolqu4dkryq3YZiDUtk73fRd0tsaxQfdQ5SsuaIV:UrEh1xryEUta3fRd0txGfkSBa8
                                                                                                                                                                                                                                            MD5:5A11E5622D026B6069E8B63FBC0D50CF
                                                                                                                                                                                                                                            SHA1:8EF846CFAD50FB752841B8897AB00F71D402A6C8
                                                                                                                                                                                                                                            SHA-256:C8E67BC0574AA9694C6BBF4A4081B530D104F05FCD028E449D2B4E1B74918B08
                                                                                                                                                                                                                                            SHA-512:91EE322CB5C67DEA81991B676B3C3C8EB2DBCFC192EBC25C38594DBD58D440FD11F271B2DBB40D11B639DBFA61873AB4E4A2CB6C14D89C04254BF4FD584091CB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:body {.. -webkit-touch-callout: none;.. -webkit-user-select: none;.. -khtml-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.... background: #333;.. color: #fff;.. text-shadow: 1px 1px #444;.. font-family: "Open Sans";.. font-size: 22px;.... cursor: default;..}....button {.. color: white;.. background-color: #77b577;.. width: 100%;.. height: 3.75em;.. line-height: 3.75em;.... border-radius: 0px;.. border: 0;.. cursor: pointer;.. display: inline-block;.. font-size: 0.8em;.. font-weight: 600;.. text-align: center;..}.....minimize-button {.. cursor: pointer;.. position: absolute;.. right: 21px;.. top: 6px;.. width: 10px;.. height: 10px;..}...minimize-button:after {.. content: "";.. position: absolute;.. bottom: 0;.. left: 0;.. width: 100%;.. height: 1px;.. background: #fff;..}...close-button {.. cursor: pointer;.. position: absolute
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):675
                                                                                                                                                                                                                                            Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:6v/7i6gX7dGD3+zoCQDrqUw2QUp9RKG3VvJN1xOJ24wLTYqp2agcmitQ9:78DOsCQ/PQoRB3VhN1k24wfYqp2avVa9
                                                                                                                                                                                                                                            MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                                            SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                                            SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                                            SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):620
                                                                                                                                                                                                                                            Entropy (8bit):7.532871627537594
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:6v/7iQz6urs3fgXgJX3MrE5s7j9dtn2ZA7FkmIA7:2WfgXCXkd14XmIC
                                                                                                                                                                                                                                            MD5:F775E05DAB18F69D2901B12299E63A16
                                                                                                                                                                                                                                            SHA1:B13CAB82F3B766E77589C8F99777FF27DC914FAA
                                                                                                                                                                                                                                            SHA-256:88D3DC2159DD31907CCD68C01102D94501476837998072B88DB6006AA459EB30
                                                                                                                                                                                                                                            SHA-512:9BA707E41DD3C971245BC45E97EAD1BC3FCE037FF5DEFCC4780744F1A87BE3F7B09DCC73446F952FD9B39D372431841C7355A3B16DBFF7FC05E23A94075D0B48
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                            Entropy (8bit):7.962335133869884
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:sqd9LjOc71eEd9G7zIGHO3mgUD4Z2q5DO0sAmasbPbLiovYT7hE6/6co0il0:sY9Wc7d9G7zlHuUZqECma9/H/X
                                                                                                                                                                                                                                            MD5:DF9772D8383B587D8E0E2D78C1DECE5D
                                                                                                                                                                                                                                            SHA1:C7371EDD4272592A373E04A9B3A4D06C26A8DA0A
                                                                                                                                                                                                                                            SHA-256:F513EC17BA8716C92D362D0D892CC74ED5F5B1B45EA857D9F7D63794840696C6
                                                                                                                                                                                                                                            SHA-512:EC89CA890BEB39B2DD2DFC3CE91A93626F37305FCAFAED1185AD781EE5E10329AC75ACF5386F478B5627CBEDAA5F34DC6D6FAEA38A621EB589065DAF0E790C70
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 172 x 73, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5011
                                                                                                                                                                                                                                            Entropy (8bit):7.9230181220317215
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:bRci3PH/1hCVT+NCCGtcM/04yD57da+NjBYJcxKCP2:bRci31kh+NCCVM/A7da+NjBAlF
                                                                                                                                                                                                                                            MD5:9D3989274A9F42CE68270B6D62740980
                                                                                                                                                                                                                                            SHA1:257C28BABA104DCC8A15AEBE823FE944D9900FA6
                                                                                                                                                                                                                                            SHA-256:8CD8503A2ACB24D6B8B744A37300B71FBCD7E6EDE767F78C3747C5B4CE7F545E
                                                                                                                                                                                                                                            SHA-512:C6DE4375475AA556408AC8A16C7601E4934E10EF7B2675D161EB98FB5FD28A957E021D13227CC71880B6E51E53E3BA7CA2E38E4E3CAA8488A673D4536608BA81
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 95 x 43, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):9406
                                                                                                                                                                                                                                            Entropy (8bit):7.94022430872657
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:EIIHUCD4wacvaKWaFGlENytchQA1QIEM91eBm:60wsKWaFGlEMtchQALv1im
                                                                                                                                                                                                                                            MD5:A325C56AC5095D3459A31023CBDDAAD8
                                                                                                                                                                                                                                            SHA1:77D2CE1EAA9775D901DC79A329D324C5F20F0E75
                                                                                                                                                                                                                                            SHA-256:2E7C88199F79F7EE899DF4333E85EA8959C6B156C1EA96DC0F0A1D3FE7D48F0E
                                                                                                                                                                                                                                            SHA-512:256D0826778D9B77FA79C4F6EDD482B9969276AE58EAD3514010EA937C5966F00E7FDFEA3938F8437402C76124E671DA0F902A2CFABF9DDC1A4C6EA8399D8A64
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8057
                                                                                                                                                                                                                                            Entropy (8bit):5.182970887860503
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:++HHSG5HwOabNX2XlIbsfM3YOOOGbp/fHypKind/RDaW4pTfj+OYQvALQw72fkKu:yGh32GXHM3VMxWd47fj+OYQvAP7OkKmx
                                                                                                                                                                                                                                            MD5:B4F0BB84798327AE57D08BAF6CB8D542
                                                                                                                                                                                                                                            SHA1:B96C6228104932CBB077C2696604520821F2A2B1
                                                                                                                                                                                                                                            SHA-256:2E96643BF6954FF8F2E4CA79CBE61C187CC5B483F2691F0FBE5444FC26FA7CD3
                                                                                                                                                                                                                                            SHA-512:46189DA5F7C017C6B2A22E0C1A43BD169E9D0D1271ED3B51F1A6D7138C0891687B8F2C55B1DF673D32C9136E8D892A734F486D5ED3DD7FB90AD5968840A917BC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:<html>..<head>......<link href='css/opensans.css' rel='stylesheet'>..<link href='css/style.css' rel='stylesheet'>....<style>....</style>......</head>....<script src="js/jquery-2.1.4.min.js"></script>..<script src="js/circle-progress.js"></script>..<script src="js/chart.min.js"></script>....<video id=fastvid style='display:none; position: fixed; top:0; bottom:0; left:220px; right:0; z-index:0;' width='100%' height='100%' xloop nocontrols xautoplay>...<source src='vid/fast.webm' type='video/ogg'>..</video>......<body style="display:none; background:#111514;">....<div id=welcomeToFast style="position:absolute; top:150px; left:100px; font-size:42px; display:none"></div>....<div id=topHeadline style="position:absolute; top:25px; left:0px; width:100%; text-align: center;"></div>.. div id=topActivateBtn style="position:absolute; top:40px; left:0px; width:100%; text-align: center; font-size:14px; cursor:pointer; Display:none">Click Here to Activate Immediately</div-->....<div id=minimizeIc
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65327), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):158750
                                                                                                                                                                                                                                            Entropy (8bit):5.366119866830528
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:OXZdEOLRr3NejQIooAIf9olnc3mfxZEtgsIC+Mc+CXxrP7eZYOcHBCF2RrUsAclj:4LetVBxpSxr6iHS2g+meI+B
                                                                                                                                                                                                                                            MD5:217CB5D4EA048DE6BD91DBCE1B3BC12E
                                                                                                                                                                                                                                            SHA1:C62B51022581122005182D235D78C19B8D53509F
                                                                                                                                                                                                                                            SHA-256:FEFEF4C25BBBDC09D6000B14AEFDAE1398A0A215E5402D6DF86C61052D49D408
                                                                                                                                                                                                                                            SHA-512:98A96C4B779E7CFD10447BD6E843AD6E97FDE08B3C1BD70FBB0C10F5533FF4D1E95ED3B965B152781BC1E198F2979E9B28E5030CAD9893ADCC0FAA012A88D445
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:/*!.. * Chart.js.. * http://chartjs.org/.. * Version: 2.7.3.. *.. * Copyright 2018 Chart.js Contributors.. * Released under the MIT license.. * https://github.com/chartjs/Chart.js/blob/master/LICENSE.md.. */..!function(t){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).Chart=t()}}(function(){return function o(r,s,l){function u(e,t){if(!s[e]){if(!r[e]){var i="function"==typeof require&&require;if(!t&&i)return i(e,!0);if(d)return d(e,!0);var n=new Error("Cannot find module '"+e+"'");throw n.code="MODULE_NOT_FOUND",n}var a=s[e]={exports:{}};r[e][0].call(a.exports,function(t){return u(r[e][1][t]||t)},a,a.exports,o,r,s,l)}return s[e].exports}for(var d="function"==typeof require&&require,t=0;t<l.length;t++)u(l[t]);return u}({1:[function(t,e,i){},{}],2:[function(t,e,i){var o=t(6);function n(t){if(t){
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):15899
                                                                                                                                                                                                                                            Entropy (8bit):4.76323863494514
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:wPeb21wglBqMcF14UxkPl/wxmFM2g7nR2Juv:n2W+qMGoVFM2UnR2Juv
                                                                                                                                                                                                                                            MD5:0912DF1CB8BC4B1D791524EC962FE932
                                                                                                                                                                                                                                            SHA1:ED06DCF2219A3AB5682E087D70B5177D6E182990
                                                                                                                                                                                                                                            SHA-256:0014E3CFD890D2C64B9AA76C610E6FCEE5800D1D23A0DCDA964BCC7F3F95EBA4
                                                                                                                                                                                                                                            SHA-512:D70D26073FD0C9D58B8FF0090D86BA4C2C4A1F51757603384C599B30137C2CE8440C59AE3F138B8B063A21F4F15043B5703438BC7FB92CE53B3EE9698800429A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:/**.. * jquery-circle-progress - jQuery Plugin to draw animated circular progress bars:.. * {@link http://kottenator.github.io/jquery-circle-progress/}.. *.. * @author Rostyslav Bryzgunov <kottenator@gmail.com>.. * @version 1.2.1.. * @licence MIT.. * @preserve.. */..// UMD factory - https://github.com/umdjs/umd/blob/d31bb6ee7098715e019f52bdfe27b3e4bfd2b97e/templates/jqueryPlugin.js..// Uses AMD, CommonJS or browser globals to create a jQuery plugin...(function(factory) {.. if (typeof define === 'function' && define.amd) {.. // AMD - register as an anonymous module.. define(['jquery'], factory);.. } else if (typeof module === 'object' && module.exports) {.. // Node/CommonJS.. var $ = require('jquery');.. factory($);.. module.exports = $;.. } else {.. // Browser globals.. factory(jQuery);.. }..})(function($) {.. /**.. * Inner implementation of the circle progress bar... * The class is not exposed _yet_ but you can create an instance through jQuery method
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (32025), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):84349
                                                                                                                                                                                                                                            Entropy (8bit):5.366942924126885
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98HrA:f+41hJiz6fhdlTqya98HrA
                                                                                                                                                                                                                                            MD5:B0DC11D0A434AAFE88908C7F33D71095
                                                                                                                                                                                                                                            SHA1:1327F754FF87D26BCED46568543207E9DF190AAA
                                                                                                                                                                                                                                            SHA-256:DE4B3C3D1DC2506B6693F0F98884E1DC074CDA9D66CAB39B7B48A115FDFC4C0F
                                                                                                                                                                                                                                            SHA-512:177719EF74C4593E139FD254AACA5590B108338F1139041E24C56CA212BDC61CBFDCE9799C8A51FD7B67E587B920097294E834FDACE5127BCCA9CE2877F48EA0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):68976
                                                                                                                                                                                                                                            Entropy (8bit):5.889116979833995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:Y0m1egzPi8K4gAUJNLtxgc+RcvJoEiCO3M6t:01egu8K+iGbEiCkt
                                                                                                                                                                                                                                            MD5:ACCB2AD77AC6227F870DDDB5C85A7CA5
                                                                                                                                                                                                                                            SHA1:B11E8B0EF653484AB642F7209CB320FA8737D54E
                                                                                                                                                                                                                                            SHA-256:1B1408C45847403380B056820280BD8ECE7AD98ADE5D2A046A574A0EDBF1B3FA
                                                                                                                                                                                                                                            SHA-512:E4DD6408E110A3A6C6DB6917C9BD972AABE3CCF2CFC36059D2AEAE9B517CD534B76D1BA3529BB542E478563CAAA2C394EDB1CD5F531048B523678CE74B3F4F42
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:....v.C.+........GHL........4....3..R..6l....0...............T..... ...........................U...p.m.......................................gui.........a.............z.....https...............8W1....win.............N&....bClosing...........>/......bRunning...........}.J....bFirstMinimize.............j......bExpired........ ...u>"...bInExpiredSetting.... .........V.N.....bEnterKey....$..........uD. ...bInActiveSetting.(...........67....bTrial...,.................nTrialLeft...0...........:.....nMaxInterests....4..........N[h....bShowInterests...8.........u.)....fast_UUID....<.........Z.......fast_Version.@............_....defaultBrowser...D.........B.S,....bFirstError..H...... ..v#.."...bFirstStartReport....L............x....bTutorial....P...... ...4.&...bTutorial_apps_word..T...... ......(...bTutorial_apps_excel.X......(....%.2...bTutorial_apps_powerpoint....\...... ...U..$...bTutorial_apps_pdf...`.........*..;....fast_urlPixel....d..........g.M....bSurvey..h.........6.i. ...n
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):45
                                                                                                                                                                                                                                            Entropy (8bit):4.461530252405225
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:+BKSLDrbIoMLNLQJlWsren:+Dn4oRVre
                                                                                                                                                                                                                                            MD5:FE10063F4A895C45C6F50E4B031A7B7E
                                                                                                                                                                                                                                            SHA1:6B2E8F116DBDD03A7AD19C0C156C0C3824AA1AD4
                                                                                                                                                                                                                                            SHA-256:FE3E5FDBC7265A8463D2AB98D7066DF486717A760501CBCFB3E8EBD7478CCAA5
                                                                                                                                                                                                                                            SHA-512:36A8EA42F7D35192DF68246520A7F91946A8E7DCF3747112C6FB2DBB9159F2DC31AF527BC0A66772EE379E08C3036E16D6B191DC34AE0B3D324BC42F83EA32FD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:nw.Window.get().evalNWBin(null, 'js/ui.bin');
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2146
                                                                                                                                                                                                                                            Entropy (8bit):5.34504763642635
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:d8WHoTFEdD8WN8FiYtiC3ld7srBGVDmVeDt3swsLqgo:HHoZnHtj3lt4G12mjsWr
                                                                                                                                                                                                                                            MD5:0EFCBAE441CA3AB09B12EEFE2F24A899
                                                                                                                                                                                                                                            SHA1:B2A1F4E83DDD60E2C0B81106B6DEE20011531CA4
                                                                                                                                                                                                                                            SHA-256:2B4F2DAAAD6A8B1299095A7E2815210E0D4DABA14064AEB61908C0BEB83E9F17
                                                                                                                                                                                                                                            SHA-512:83A614ABA419B134BDA3CD3DE5CF6A3F42F2F2E6C1DE3DE8717FE4118D7F7A91DC4118FE190F9563E0702BC1547408ED2D57CCC4FCCE083EAB684DD286CE287A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:<html>..<head>....<link href='css/opensans.css' rel='stylesheet'>..<link href='css/style.css' rel='stylesheet'>....</head>....<body style="background:transparent; display:none" onclick='onClk()'>..<div style='position:absolute; left:0px; top:0px; bottom:0px; right:0px; background:black; opacity:0.4'></div>..<img src='images/fast.png' style='position:absolute;left:10px;top:40px'>..<span id=notifyClose style='position:absolute; right:10px;top:10px;font-size:10px; cursor: pointer; display: none;' onclick="event.stopPropagation(); closeMe(1);">X</span>..<span id=notifyText style='position:absolute;left:50px;top:30px;font-size:16px'>..</span>..</body>....<script src="js/jquery-2.1.4.min.js"></script>....<script>..var gui = require('nw.gui');..var win = gui.Window.get();....win.x = screen.availWidth-win.width;..win.y = screen.availHeight-win.height;....win.setAlwaysOnTop(true);..win.show();....$('body').fadeIn("fast");....function getQueryParams(qs) {.. qs = qs.split('+').join(' ');....
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):312
                                                                                                                                                                                                                                            Entropy (8bit):4.570340142450805
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6:3HWLGbc65cCRvFNKM1G8/BoFkSH4xIr0HHvFJ8NjDIqONUVFyN8uNMukIAArVn:VQ65cCRv+8/PSYxI4HHuUTNUuOukIA0
                                                                                                                                                                                                                                            MD5:D3EE484385399A9304C2010F6E55A4CF
                                                                                                                                                                                                                                            SHA1:7D7ED5838A54FB6218796F810274CDB1294A1E40
                                                                                                                                                                                                                                            SHA-256:C465D915F6C70D3DAEE88BB14DCC9102160EFAEB33CC925D0E4CF5E95241314E
                                                                                                                                                                                                                                            SHA-512:DB88E39559A4B099B1BF44C80D806D239C3831B919F6FC9850153C83994BDCA35DB680CA8F5B3D752C8813E666AB22AC80593E75F3D5A16C7A5C05CDDCF0DB7A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{.. "name": "FAST!",.. "main": "index.html",.. "window": {.. "title": "FAST!",..."icon": "images/fast.png",.. "toolbar": false,.. "width": 800,.. "height": 450,.. "show": false,.. "resizable": false,.. "frame": false, .. "show_in_taskbar": false,..."always-on-top": true.. } ..}..
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:WebM
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1160514
                                                                                                                                                                                                                                            Entropy (8bit):7.901652490507714
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24576:3iZISjCDYvM5+1t0F/5ePRUgkzO2uk1H08sruk/+xURY7KjOslU2:FYAA0F/5ePJ2uka8sSk/qxsJ
                                                                                                                                                                                                                                            MD5:8A11E17C5B16557AE39C76966F355ADD
                                                                                                                                                                                                                                            SHA1:191AF04A6CAFC37DD4DD1C818F2EEF3EC31F65CB
                                                                                                                                                                                                                                            SHA-256:95746E5F06053CAEBCDA80E65EC58FABA62D07B054F1D7B3B9EC4A345DBB7B4C
                                                                                                                                                                                                                                            SHA-512:A99028B7D372491D3AF834D92AFFBF1C7506603DCC3CFF8662F1097AE1AC81F7B94393606D37CC074960078FD34BD687BCCB189EE57E5D7F46CE8D374BA179C6
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):475630
                                                                                                                                                                                                                                            Entropy (8bit):7.908089419764263
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:WbsP/n/O5HR03nKx/K8j2C/PgAI6A1sAJ:WbsP/n/O5HR0Xz8jDvAW4
                                                                                                                                                                                                                                            MD5:2573750504EE022336E008A6CE96BDFA
                                                                                                                                                                                                                                            SHA1:FF44EABC4E484BF7B879719E0026F2BD0A1F2130
                                                                                                                                                                                                                                            SHA-256:CE982081FD3295E2F836B28E7DC9F061188BD10155B75FA9505BF43A7F50BBD9
                                                                                                                                                                                                                                            SHA-512:C886DEDA01990C7AAEAB5F75FFE0AE38920767312A72AD0D449FF1C280F5616DBC7B62D867779E3E38D525963382434E35EFAA5B7F4238B5FE75E6B03B90CC92
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8192
                                                                                                                                                                                                                                            Entropy (8bit):0.35999246155449205
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6:6xvoaaD0JOCEfMuaaD0JOCEfMKQmDQxvoaaD0JOCEfMuaaD0JOCEfMKQmD:VaaD0JcaaD0JwQQXaaD0JcaaD0JwQQ
                                                                                                                                                                                                                                            MD5:05D40140A9F48E41E7916377A71CB444
                                                                                                                                                                                                                                            SHA1:927426B8D39B22BA41FCC150E2BF6CA10A3BCFB3
                                                                                                                                                                                                                                            SHA-256:2D2A456A1CE20B3F1DA1E76CD5A9CFF68D95A1CA55F5362969D7BF28B25A5693
                                                                                                                                                                                                                                            SHA-512:E71ABFA058B3489DE1DCAB48114261BC7E4AEC9CBCFDAF2F90326D6F19DBC5F3BA57A104E185BB3BD450DF5F9A2FF001BFF20E95461925F2EFE3C8B1B4D68A18
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:*.>...........J.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................J.............................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                            Entropy (8bit):0.49846685012992065
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:cJNnm0h6QV70hV40h5RJkS6SNJNJbSMeCXhtvKTeYYJyNtEBRDna33JnbgY1Ztau:cJhXC9lHmutpJyiRDeJ/aUKrDgnmY
                                                                                                                                                                                                                                            MD5:18495A992BEEB1C240EA1CC258AEB6CA
                                                                                                                                                                                                                                            SHA1:7B4C1C971D24E179F65A0651479D617C33B5F907
                                                                                                                                                                                                                                            SHA-256:50D1E74BA6BFF31396E832FFDBBBC8EBE8305D2D188781AD0604A1AA6E45EBDD
                                                                                                                                                                                                                                            SHA-512:4F95BBD45FA8A8BFA2418D2E2D8D151BC565D917C9867DB2382F5F8F36632AC2F9A13457A70E21F6A8BA565EC85B8E92F60D3E8785EB5EF7ECFBF68D18E57599
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:^.;V........@..@-....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@...................................&.#.\.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x76ed4d59, page size 16384, Windows version 10.0
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                            Entropy (8bit):0.583421892743775
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:XSB2ESB2SSjlK/e5m0hnRJjAVtutYkr3g1652UPkLk+ksLZiAcZWzAkUk1kG/w4n:XazagFaC2UizN/w4wdi
                                                                                                                                                                                                                                            MD5:E03E0E1A3357F8B008AFC17745E0A748
                                                                                                                                                                                                                                            SHA1:AFD46987588D5D5721CC95FCEA94C031287856B7
                                                                                                                                                                                                                                            SHA-256:4BBBE47A6AADA178186DB9CA34AAA441A3AB3D1F51A53C429B3FC515CDACFA51
                                                                                                                                                                                                                                            SHA-512:773B4AF16FC7581C5FEFB7E239357A48081C2571C8EA38F4624ED1949B45C6405279733908E2D2AA4B6A2B5F283FE84D19CBAE2BC967FCDE7C07D0F15E739A24
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                                                            Entropy (8bit):0.08002737107884964
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:DRWVetYe4yjnvl/JgxqgZMv/gZMvl/Jpyvl/illTH//lll/TP1/l:NPzJ9Bgsd4eRf/ljFl
                                                                                                                                                                                                                                            MD5:44CF8962BE7B151BB8B887D39A98D81C
                                                                                                                                                                                                                                            SHA1:CE30BA058C82B511A6588BAA1824C1A6862C1513
                                                                                                                                                                                                                                            SHA-256:69832AFFBE40C3B045759252B66D8574D462D6108A13F383D1456271D704CF0B
                                                                                                                                                                                                                                            SHA-512:3811F1406F4EE553992D611192312DF2D8B8E5B78506C7D2D2990FD6572D567ABBAA6107357D68196E4B72A38D72E9AE8587B2302E5CB0D07AAE6A64079A64B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):12046
                                                                                                                                                                                                                                            Entropy (8bit):5.11302127258662
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:yChmoAGLCq1Iay8asbKTelqwJ/mw5LLPTqJW0W3H0/qjW1LbO7hRhUYfC:y4mXxmPEcxXPn0QH0SoUbfC
                                                                                                                                                                                                                                            MD5:11D81E40098B6C92D30517BDBF462A3E
                                                                                                                                                                                                                                            SHA1:B1B725CAE61595220CEAA98F2A17D98BD46A35AD
                                                                                                                                                                                                                                            SHA-256:94DCBB7A5F24A9CF36F031FB6563467C014F6D3BA6A2A78DBB1731634CDC7508
                                                                                                                                                                                                                                            SHA-512:915A3B67FAC9A48C77E071BC63A8C3416A733F7BA96C9FA09F9C19321882EBA7E7248D2626FE20C3DF852DBBA87F57236BDD27009E33DA8C9204B910BDA0AD00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"password_manager":{"os_password_blank":true,"os_password_last_changed":"13351619531443634"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://support.google.com/chrome/answer/6258784","versions":[{"reference":"https://helpx.adobe.com/security/products/flash-player/apsb15-18.html","status":"requires_authorization","version":"18.0.0.209"}]},"adobe-reader":{"displayurl":true,"group_name_matcher":"*Adobe Acrobat*","help_url":"https://support.google.com/chrome/?p=plugin_pdf","lang":"en-US","mime_types":["application/pdf","application/vnd.adobe.x-mars","application/vnd.adobe.xdp+xml","application/vnd.adobe.xfd+xml","application/vnd.adobe.xfdf","application/vnd.fdf"]
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1702
                                                                                                                                                                                                                                            Entropy (8bit):4.8408671939240815
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:YN+yiZJpaL4FsJ9DotoJ4Sw9IMG3wPUHJNE7BAJasnTifQ70xzUWKx6gyHe42HCI:YNk3p6otovBH36BAJ6fO0fKche49hJa
                                                                                                                                                                                                                                            MD5:4F583DEE4B97FFCC6EF4C21286C9DAB2
                                                                                                                                                                                                                                            SHA1:69AB5BF1CCD0307EAAF4540439105376427D76A0
                                                                                                                                                                                                                                            SHA-256:C0A4A16F7BBBAAB03236DEF727AC76CCC56C576D9B73B7A6159C4C2DC6FC9D77
                                                                                                                                                                                                                                            SHA-512:C4F91B332B5F28DC5BE10EAD90E272BDEF5847FED6D66898143A59D35D42A71AF5BEC54F488F6061F21B453FAEE78FB8107D26DF70D003152C3F354D48E9817B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351619490353527"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351619489209135","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351619490510484"},"uninstall_metrics":{"installation_date2":"1707145890","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"afcd57bd-6577-4165-83f7-cce23c949d04","client_id_timestamp":"1707145890","low_entropy_source2":6917,"machine_id":2786370,"ses
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1759
                                                                                                                                                                                                                                            Entropy (8bit):4.842638343359279
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Y6S1e/y+yiZJpaL4FsJ9DotoJ4Sw9IMG3wPUHJNE7BAJasnTifQ70xzUWKx6gyH7:YLfk3p6otovBH36BAJ6fO0fKche49mJa
                                                                                                                                                                                                                                            MD5:AE56AA35AD118B5204DE4521FE99DF8D
                                                                                                                                                                                                                                            SHA1:28C40748398DE822727089368C8380E166004AE2
                                                                                                                                                                                                                                            SHA-256:71EDC5697FF7D932986BE9665521F1BC69E14E0C59A97D01E32973250DCD098D
                                                                                                                                                                                                                                            SHA-512:41DB2EE3021D44D02549ED332B1DFFB7F9213714D28B1EA8786DDA12A1F43490C924D2AC7C75A1A58F9CAB1E7D5AB0734F834F79128C1C4D3C4C5A38C207D5B9
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351619490353527"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351619489209135","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351619490510484"},"uninstall_metrics":{"installation_date2":"1707145890","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"afcd57bd-6577-4165-83f7-cce23c949d04","client_id_timestamp":"1707145890","low_entropy_s
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 32768.000000, slope 43.583313
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8388608
                                                                                                                                                                                                                                            Entropy (8bit):0.10266022279966294
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:c+wFgT8cfGYBSRHJbAuQxB8W4sevpM8kTV7WDK:c+wFSBwRSB8W4sevpMNTV
                                                                                                                                                                                                                                            MD5:488588FD8F5EAA251ECE185B5E9379C2
                                                                                                                                                                                                                                            SHA1:166DBE9A4F27C6B6A9CEB79EE8FAEB353E9E3E24
                                                                                                                                                                                                                                            SHA-256:D10D912A941BE3F207454BE9F8614CE3FA436937B815B01EF2A858D694CDE7F1
                                                                                                                                                                                                                                            SHA-512:8AD0FB3043DBB34722A25B8B2A4666640B3F97FD99AF4A1483C9897B3B469F71EBD42BC95633AACE3FF2D25AFB5FFB8200D4920618FF6CEEA1BD3344A851A626
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:...@............C.].....@................!..8!.................. ...i.y.........BrowserMetrics......i.y..Yd.........A..................._..-....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....0...i.y.[".........................................i.y..Yd.`.......A....................O.`.....qH...#o........e.....e..qH...#o................UMA.CreatePersistentHistogram.Result....@...i.y.[".........................................................i.y.Pq.3.....R.........62.0.3202.94-devel".en-GB*...Windows NT..10.0.190452...x86_64..?.....".P....$.. .......TLS13Variant....Experiment..............UKM.....Enabled..<..8.......BrowserScheduler....RedirectWithDefaultInitParams....(..$.......VideoCaptureService.....Enabled..,..(.......NetworkQualityEstimator.....Enabled.............QUIC....Enabled..$.. .......TokenBinding....TokenBinding.4..0.......NetDelayableH2AndQuicRequests.......Enabled3.(..$.......ThrottleDelayable.......Enabled..H..D.......SettingsEnfo
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8388608
                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                            MD5:96995B58D4CBF6AAA9041B4F00C7F6AE
                                                                                                                                                                                                                                            SHA1:5FDE1CCE603E6566D20DA811C9C8BCCCB044D4AE
                                                                                                                                                                                                                                            SHA-256:2DAEB1F36095B44B318410B3F4E8B5D989DCC7BB023D1426C492DAB0A3053E74
                                                                                                                                                                                                                                            SHA-512:CF76CCA4E0F874D508F7E40FB84ABC5789CA5F96C1E54E064F3BE302766A59FC15A2EFB7FFCC9692D13B906B2FE5A0215520D5E232AC69C754F2ADDB069580DE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8388608
                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                            MD5:96995B58D4CBF6AAA9041B4F00C7F6AE
                                                                                                                                                                                                                                            SHA1:5FDE1CCE603E6566D20DA811C9C8BCCCB044D4AE
                                                                                                                                                                                                                                            SHA-256:2DAEB1F36095B44B318410B3F4E8B5D989DCC7BB023D1426C492DAB0A3053E74
                                                                                                                                                                                                                                            SHA-512:CF76CCA4E0F874D508F7E40FB84ABC5789CA5F96C1E54E064F3BE302766A59FC15A2EFB7FFCC9692D13B906B2FE5A0215520D5E232AC69C754F2ADDB069580DE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1048576
                                                                                                                                                                                                                                            Entropy (8bit):0.007525918861634288
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:bHixXAVMMOKEKSCemJKlkQPdl/JG89Hy3aJ0oMFgigpCbUyqpYJ0X:bYQOMzBS+Mk0/JvWoMeigp1yyYW
                                                                                                                                                                                                                                            MD5:6FCF85BB744C90F434F8E77D359DD00C
                                                                                                                                                                                                                                            SHA1:26755B437DC4B3CE7DBD26B56CD02C481ADE41C6
                                                                                                                                                                                                                                            SHA-256:C52C8E71179A8FBD88359A8894EB514F9FFD5400AD46A94BD175872662BCD970
                                                                                                                                                                                                                                            SHA-512:699848DB6A8A1E5CE02338C3AB248FD3B6C4D9185EF10AF472893ADF681AA89B1BCC526DD21200817E2C0CBC0589AA5196537B7126DB07506DA767E0BA0AAC1B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:...@....................@...............h...................X... ...i.y.........CrashpadMetrics.....i.y..Yd. .......A.......e............,........5l.*...................5l.*.................UMA.PersistentAllocator.CrashpadMetrics.UsedPct.h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.`.......A....................O.`.....qH...#o.................qH...#o................UMA.CreatePersistentHistogram.Result....@...i.y.[".........................................................i.y..Yd........A...........................?....{.................@....{.................UMA.PersistentAllocator.CrashpadMetrics.Errors......i.y..Yd.0.......A...............8..._..-.....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".....................................................................................................................................................................
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                            Entropy (8bit):3.3454618442383204
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:FkWXlsJYqy:9oHy
                                                                                                                                                                                                                                            MD5:372681F49DE1646E37BFD388C7EA25DB
                                                                                                                                                                                                                                            SHA1:DEF54A1540B928397E7C50E302253D72EFE55198
                                                                                                                                                                                                                                            SHA-256:935747B96255D8AD01842A7B309123A2534000C6AF63D11DA6CDCA91B6A8A372
                                                                                                                                                                                                                                            SHA-512:6A817BB78882CD52A05B8F0192F236A2C6A7D20FE499679D195440E8029001EAFAE009D85032193892700B04D5B8845F81C4DAC58FC8D5C6700C2FB27F34E153
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:sdPC....................'..,.+w@......[d
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1708
                                                                                                                                                                                                                                            Entropy (8bit):4.822093654536093
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:Ycxi7qGoTwA8cWpfceHQg4qoB9eSnqKzJAOL:nxFd/WSe2qoOvW
                                                                                                                                                                                                                                            MD5:F4AFF8593BFDDBDA1116313191BFBB3C
                                                                                                                                                                                                                                            SHA1:5CE156239457B3098C216C5761A393E2683B4327
                                                                                                                                                                                                                                            SHA-256:B36AE1A870E0961669423FAC2BEDD97C9CC8E50B9059762FF6406F8973F6364B
                                                                                                                                                                                                                                            SHA-512:73D310EEDFC8007C217C118789906D2021856C502729408E4666224B54AA63C25D2D1615891F8EF1485A4C07059EB224AEAAD5610E1C677EC275E983B82B1E56
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13351619490436971","browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"data_reduction_lo_fi":{"load_images_requests_per_session":0,"load_images_snackbars_shown_per_session":0,"was_used_this_session":false},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"62.0.3202.94"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"invalidator":{"client_id":"/oyl8CWpSpcKBRkq8gpELA=="},"media":{"device_id_salt":"ERFDNMXkwzoLidW9fjDihA=="},"ntp":{"num_personal_suggestions":2},"partition":{"per_host_zoom_levels":{"x":{}}},"plugins":{"plugins_list":[]},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"domain_to_origin_migration_status":1,"exceptions":{"accessibility_events":{},"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_guard":{},"client_hints":{},"cookies":
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):151668
                                                                                                                                                                                                                                            Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                            MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                            SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                            SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                            SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1670
                                                                                                                                                                                                                                            Entropy (8bit):4.827999028831368
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:Ycxi7qGoTwA8cWpfceHQg4qoB9eSnqKzJR:nxFd/WSe2qoOvs
                                                                                                                                                                                                                                            MD5:F87B28A242747780E3FD7CFC3637B665
                                                                                                                                                                                                                                            SHA1:3A7124392AEB47BE5B9B2EF8CFDBA54A1B2A0376
                                                                                                                                                                                                                                            SHA-256:7891E20C9FCD215273135F1C6568BE63BB7A8BA8F032D7334F2ECB95293C52E7
                                                                                                                                                                                                                                            SHA-512:B4C4288577315A8E7FF809A20F4E797BE256DFF3DC130211B2BE775B085E45875EC811EDDB4E4426B15708D0A440FD32077DF2773346A13E79E05161EA0EA3E4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13351619490436971","browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"data_reduction_lo_fi":{"load_images_requests_per_session":0,"load_images_snackbars_shown_per_session":0,"was_used_this_session":false},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"62.0.3202.94"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"invalidator":{"client_id":"/oyl8CWpSpcKBRkq8gpELA=="},"media":{"device_id_salt":"ERFDNMXkwzoLidW9fjDihA=="},"ntp":{"num_personal_suggestions":2},"partition":{"per_host_zoom_levels":{"x":{}}},"plugins":{"plugins_list":[]},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"domain_to_origin_migration_status":1,"exceptions":{"accessibility_events":{},"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_guard":{},"client_hints":{},"cookies":
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):213
                                                                                                                                                                                                                                            Entropy (8bit):4.812589275797678
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:....c...............Rnpaimmhhjcfhbdogdfcmlldgglpldhbm.declarative_rules.declarativeWebRequest.onRequest.[]x.\Bd...............Snpaimmhhjcfhbdogdfcmlldgglpldhbm.declarative_rules.declarativeContent.onPageChanged.[]
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):130
                                                                                                                                                                                                                                            Entropy (8bit):5.202686229087463
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:2024/02/05-16:11:32.750 4980 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):130
                                                                                                                                                                                                                                            Entropy (8bit):5.1542978132762824
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:tR4OWTNfWnAjweKqFkPqLTVSRE2J5ja5jm4E/9et4wkvWIV//Uv:pGNwVq2PqLTwi2398NIFUv
                                                                                                                                                                                                                                            MD5:6B209331DF5AB54027F0244AC9067062
                                                                                                                                                                                                                                            SHA1:5A637DF84FB64F208C74F400E9F2BF242C18DFB9
                                                                                                                                                                                                                                            SHA-256:D1E78F7965AFBD4B885BC38C2D7059422DB82FC763E15FF6BDD64D8677C5D18F
                                                                                                                                                                                                                                            SHA-512:09AF79F71FE7914F3FBCBAD13E01F7BF9D6195DE45AC37C024B86F1D43AE500D7C38DBF06AC6BB16B30F429ECCFEB057A790D968780B2C3C3548AC6ADBA10621
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:2024/02/05-16:11:33.760 5624 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3020000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                            Entropy (8bit):0.6974106810185087
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:LLibxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:yBmw6fU1zBmI
                                                                                                                                                                                                                                            MD5:6B273279290A7D8CC5C0D6B149AEF7B3
                                                                                                                                                                                                                                            SHA1:B05EA3EC19517652200771C9C0D6E6D9B92DB4EC
                                                                                                                                                                                                                                            SHA-256:6B791C5F30F02AF1AD68DB86A9BE193091FD4E274FE71ACB07AB70DF4DAF37E7
                                                                                                                                                                                                                                            SHA-512:860B74B0B79EC7B246C119C6C93F1664D3D8487AEE6EDE255848A38AD9AC163DD2CD73F739D335863DDC661448E9B3F9F18465A9364C361EAA269B3216D3499B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .....................................................................................g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8192
                                                                                                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8192
                                                                                                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8192
                                                                                                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):262512
                                                                                                                                                                                                                                            Entropy (8bit):9.629307656487099E-4
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:LsFl0ld7:LsFKl
                                                                                                                                                                                                                                            MD5:0A7DEF2D29654F1EF93D9592132D2593
                                                                                                                                                                                                                                            SHA1:838B16B07A053D2511FE8C78969A91E12E983974
                                                                                                                                                                                                                                            SHA-256:6E482067A491DC8AFE8A751B839C52D23DCFCC37FDD1A935D77C8EFDBE7BFC0A
                                                                                                                                                                                                                                            SHA-512:8E9BCFACF10326180869D08B65B0B484089AAF3B70B975E0338772FA645B86EE886D1E2847FA3A7D99FFB54826F75AE11771AC48CF976F80C9FE4F6E9F896820
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):151668
                                                                                                                                                                                                                                            Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                            MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                            SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                            SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                            SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3020000, file counter 1, database pages 28, cookie 0x16, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):114688
                                                                                                                                                                                                                                            Entropy (8bit):0.4386208553966929
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:TNHC3BdjNPp+suktLReRK+nVaNU74ePLrL2Iua6maxNPM5ETQTcrQHIvYysX0jpi:R0dvUVaN+LrL2IlLvU+kYysX0j4t
                                                                                                                                                                                                                                            MD5:96F006D0FEF18D0131B15F97CE6278E8
                                                                                                                                                                                                                                            SHA1:13F03F472C0F17C82C0BE62E831E87D5CB6D5A2F
                                                                                                                                                                                                                                            SHA-256:9871E1BF60DC1BA4D385737F94BC6A82521EF4826B8AB0C485DC96613C0D16BF
                                                                                                                                                                                                                                            SHA-512:5509EB3A0F09B4EC26A6DBB552239A584F1480900E55304A15681E25CD23ED1AD1E8739ECAF61181605F1D3F9664C1876F1CF6F92346590002FCCC301F8FEF81
                                                                                                                                                                                                                                            Malicious:true
Preview:SQLite format 3......@ [...]
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8720
                                                                                                                                                                                                                                            Entropy (8bit):0.21870618814804976
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:nHNlljq7A/mhWJFuQ3yy7IOWUXDlKtdweytllrE9SFcTp4AGeTuyOV9RUIVUR:G75fORwtd0Xi99pluy6rUR
                                                                                                                                                                                                                                            MD5:558351E85234647771635F8D51F12A8F
                                                                                                                                                                                                                                            SHA1:500FAE524C077385C61583C3071D598EF4B7C312
                                                                                                                                                                                                                                            SHA-256:4C1717AFD4253F0D198CAB8C0EEDBAD0F8CCAE82BC9BB7EED00FF438B7C48DEC
                                                                                                                                                                                                                                            SHA-512:03A4F6C9AB03EEE9509C5CFE7381A1BAD047D1A183D86182CBAE290CB59DAE0A33CF9CAC037043402E2E1AC17C7C4178437ECBC07F5B393C7FD55C11B478BF2E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                            Entropy (8bit):4.7774374386151
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:tR4OWTNfWnFGXRSeKqFOMPHIrscWIV//Uv:pGNeVqTVIFUv
                                                                                                                                                                                                                                            MD5:528E077C5A0AE95CCBBEC32A34399FC2
                                                                                                                                                                                                                                            SHA1:BEAA3B5EADEA56D32713CF8A6B910165EA526A72
                                                                                                                                                                                                                                            SHA-256:F78DB26F6106E9C13043DED05980D849754381B8A2F1261DFCC51E46C2693D64
                                                                                                                                                                                                                                            SHA-512:5DC6DEF409230EEC949A7961D54152025D03F6672E6E3CDFB9D489C0207ADD4724939DACE53A3C62776A1EC8711A8A4BACF1CA40D2C72C5135F7B41825CE728A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:2024/02/05-16:11:35.841 5624 Reusing MANIFEST leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3020000, page size 2048, file counter 1, database pages 9, cookie 0x5, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):18432
                                                                                                                                                                                                                                            Entropy (8bit):0.8485594039481521
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .....................................................................................g.....:.3.E.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N...%..oindexstats_originstats.CREATE INDEX stats_origin ON stats(origin_domain).@......._tablestatsstats.CREATE TABLE stats (origin_domain VARCHAR NOT NULL, username_value VARCHAR, dismissal_count INTEGER, update_time INTEGER NOT NULL, UNIQUE
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1670
                                                                                                                                                                                                                                            Entropy (8bit):4.827999028831368
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13351619490436971","browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"data_reduction_lo_fi":{"load_images_requests_per_session":0,"load_images_snackbars_shown_per_session":0,"was_used_this_session":false},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"62.0.3202.94"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"invalidator":{"client_id":"/oyl8CWpSpcKBRkq8gpELA=="},"media":{"device_id_salt":"ERFDNMXkwzoLidW9fjDihA=="},"ntp":{"num_personal_suggestions":2},"partition":{"per_host_zoom_levels":{"x":{}}},"plugins":{"plugins_list":[]},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"domain_to_origin_migration_status":1,"exceptions":{"accessibility_events":{},"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_guard":{},"client_hints":{},"cookies":
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                                                                                            Entropy (8bit):4.273886413532386
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:nwjs settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through nwjs defined APIs.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4629
                                                                                                                                                                                                                                            Entropy (8bit):5.509913364683177
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["resourcesPrivate"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13351619490429733","location":5,"manifest":{"content_security_policy":"script-src 'self' blob: filesystem: chrome://resources; object-src * blob: externalfile: file: filesystem: data:; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name"
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):46
                                                                                                                                                                                                                                            Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):132
                                                                                                                                                                                                                                            Entropy (8bit):5.181017062662337
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:tR4OWTNfWzRrVWKKqFkPqLTVSRE2J5ja5jm4E/rppwvWIV//Uv:pGNahyq2PqLTwi239pIFUv
                                                                                                                                                                                                                                            MD5:29F2AD104EFDED8BBBE10F2FC931E106
                                                                                                                                                                                                                                            SHA1:ED7E4DAD16B7CFA7AFFFB575439AF7FC9C34D812
                                                                                                                                                                                                                                            SHA-256:AC775EF560D5B9983E069CE26C34CE6192A0DC64B782B02E719D3B3D23238FBC
                                                                                                                                                                                                                                            SHA-512:CA67EA6684CB2CBEF935F48DDC32BDEE6ADFBF00782B10790B5926DB4A567BAA2C43540BEB46AB5AA78B1519B936F0268DDCD75411E09887893A61EC1EF85CCC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:2024/02/05-16:11:30.464 4192 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):125
                                                                                                                                                                                                                                            Entropy (8bit):5.215209054457942
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:tR4OWTNfWmaSeKqFkPqLTVSRE2J5ja5jm4E/sCA5WIV//Uv:pGNrHq2PqLTwi239kCAsIFUv
                                                                                                                                                                                                                                            MD5:CB7CE0C3D0C95A4E365A4BD7C0C21B95
                                                                                                                                                                                                                                            SHA1:A46BCA5F0C8731D4E759FF83FA0DC3332F8D01D8
                                                                                                                                                                                                                                            SHA-256:662EADC5DCA63A48E3DE09ED1F2A49397CBB48BF1A476A44EA92E8002FBEAE8D
                                                                                                                                                                                                                                            SHA-512:DD4E85B539EB0E17A50D9311B4B55430A450A0993441DB01140D5D31BD5C6A095F7EE84A45CB11DCB187AF1284F89EDEEF98E371DAC2EB957A6127ADFEAB9FD1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:2024/02/05-16:11:30.690 4980 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Thumbnails/MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3020000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                            Entropy (8bit):0.6199759783295287
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:TLSHLO4rOTLSOEfnreNEFxOUwa5qguKoiZ75fOSBJ3IccogYccogvXvXXzfIKMrj:TLyG9MreNE6UwccKom5fBY4zQKM3RJz
                                                                                                                                                                                                                                            MD5:B75C97B4727E7CCEF589ECC73FF9A7A8
                                                                                                                                                                                                                                            SHA1:96034314FD33B86DDDB1F556A56386577CB85B8B
                                                                                                                                                                                                                                            SHA-256:627F3736D0688A0C60E5DA51EB23469A981C785E27E03756B87A043191398169
                                                                                                                                                                                                                                            SHA-512:5975B92F3F4A844723E98407BAB1AB1192566E89208B937CEA645E0A2A6EB235CC97239E869F3913FF88CC4798980B1BDEA90F5965A75700DE5A77081CC7D959
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):131072
                                                                                                                                                                                                                                            Entropy (8bit):0.002095330713584969
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:ImtVnu5C/:IiVh
                                                                                                                                                                                                                                            MD5:04C22E55C68E3D1F1ADEC80DD562EF09
                                                                                                                                                                                                                                            SHA1:EA4E2AA56924366C04F4D4B393844DFE122E5119
                                                                                                                                                                                                                                            SHA-256:75EDCC29589872900CBFCA830D9BFF3E0C0EA118AE018B44662A62F113684A17
                                                                                                                                                                                                                                            SHA-512:6EECDB5A9F8855F16ED5D48ABB5D275577564C775B76F79134A7DECB2B6D27F61A47563C84A2A09F0A730A153A5EBF191A85AA5360E91EF55A4EAF6F2FCE379B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):28134
                                                                                                                                                                                                                                            Entropy (8bit):4.854024708755535
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:ORYXkYffbS9v8VxMWi2oSeoOPjir6Srsrj6wZRyukHVguPx7XHtc3ew7ywHo4Byz:ORsJ7S9tWih4uSYr2A8ucgoNc7Ff
                                                                                                                                                                                                                                            MD5:4B50BD91DA81C0AEEDF9F767597DFF6F
                                                                                                                                                                                                                                            SHA1:4699CAAA3127711A01FF1165C4C47672CC0659CB
                                                                                                                                                                                                                                            SHA-256:4703EC4FCDB7AA85D20E0AFE0D40B894DEAE6FD7F37328C8FE8C60AD84C8322B
                                                                                                                                                                                                                                            SHA-512:7782D2ECA391ABD552A0139EF482C98A25407C95A1281E962B531390ACCA80765C75A8B975A30E4DB94C52496C3321A7B40745D187CA802036CE9497252DC7D4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.875
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:SN/8C8fd:+18d
                                                                                                                                                                                                                                            MD5:C8EB2C4BEC8226D567DBE9DFB508DA7C
                                                                                                                                                                                                                                            SHA1:B4089FB427D35068F8824AC78867FFAACA200DBE
                                                                                                                                                                                                                                            SHA-256:768E68A4AD1333A64352F7199CBB54C5F797E70E4ACCDB86829EB98272603A23
                                                                                                                                                                                                                                            SHA-512:5CBFE5915112A6DD803A63F42A34643A524FF7F3E7D8299636BA25F83228B7CECCDCADE9B82D0E2E5D9A96A401B857DE2B25F2468D8C418F577764F3BD02D688
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:...b......Yt=W..
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):28134
                                                                                                                                                                                                                                            Entropy (8bit):4.854024708755535
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:ORYXkYffbS9v8VxMWi2oSeoOPjir6Srsrj6wZRyukHVguPx7XHtc3ew7ywHo4Byz:ORsJ7S9tWih4uSYr2A8ucgoNc7Ff
                                                                                                                                                                                                                                            MD5:4B50BD91DA81C0AEEDF9F767597DFF6F
                                                                                                                                                                                                                                            SHA1:4699CAAA3127711A01FF1165C4C47672CC0659CB
                                                                                                                                                                                                                                            SHA-256:4703EC4FCDB7AA85D20E0AFE0D40B894DEAE6FD7F37328C8FE8C60AD84C8322B
                                                                                                                                                                                                                                            SHA-512:7782D2ECA391ABD552A0139EF482C98A25407C95A1281E962B531390ACCA80765C75A8B975A30E4DB94C52496C3321A7B40745D187CA802036CE9497252DC7D4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3020000, page size 2048, file counter 1, database pages 32, cookie 0x15, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                                                            Entropy (8bit):0.8591399539328934
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
                                                                                                                                                                                                                                            MD5:E3A002935A782F75C8AC7F3F0505D7F2
                                                                                                                                                                                                                                            SHA1:5EC603207A726EFA249B6EF575B2D03C64E928FD
                                                                                                                                                                                                                                            SHA-256:912C041F1F45B8B817F94C84C15433A40463A8A56D6978CF08B7ED28996050A7
                                                                                                                                                                                                                                            SHA-512:BEFDE36B695C065C46E10010E9CC0988A497BD53886EC7A76E9FF50321E54DA1DE16AC67F9522FF349D2BDEFED395083A2985D611DFAA8E869C3649F629030C2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4629
                                                                                                                                                                                                                                            Entropy (8bit):5.509913364683177
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:i9XiaTLCp05VMrkvopfhVuW7A5IOrMn3YPo0MG6+kT:1lp9kiuW+IOAn3go0iv
                                                                                                                                                                                                                                            MD5:45DADA5E149241F906AA2E85A9572FC0
                                                                                                                                                                                                                                            SHA1:31F7D637F68345BD56B4ABF4C50F780DBE65B77B
                                                                                                                                                                                                                                            SHA-256:E940C67B3FF1FF9B8FA41D0BE9EC0AC5F1C63502CB168C3445636C3E17F76C98
                                                                                                                                                                                                                                            SHA-512:729C047AA7A505F8F99293E01ECC8E0885932C438BF3A5DB150CA95CFEA20E72EBF81CF10E036061D998B7728D74A238CD7CA19317B843AD4CAC93968A689B53
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["resourcesPrivate"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13351619490429733","location":5,"manifest":{"content_security_policy":"script-src 'self' blob: filesystem: chrome://resources; object-src * blob: externalfile: file: filesystem: data:; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name"
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                            MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                            SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                            SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                            SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000002.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):46
                                                                                                                                                                                                                                            Entropy (8bit):4.211289608739615
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:tR4OWTNfWmS6Xk+1WFv:pGNrSNSg
                                                                                                                                                                                                                                            MD5:C900F79FF873D057212421AF908DE894
                                                                                                                                                                                                                                            SHA1:3BC0D6A680DB9D72BEFD29151626BD0BF7FD9806
                                                                                                                                                                                                                                            SHA-256:C892ABFB87DB67E70E0E6283D35E167AE605F70741381B4ED0BB9DB3072EF1F5
                                                                                                                                                                                                                                            SHA-512:67891B0BADBFEFD5A55FDF37569C3C38640379D3E180EA0BD60754F29D3A4002FEA38EBC278AEAF9495F4D1C429C44AA7846CD1D958E1AF1F289BA09E5AD4CB1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:2024/02/05-16:11:30.693 4052 Delete type=3 #1.
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:MPEG-4 LOAS
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):50
                                                                                                                                                                                                                                            Entropy (8bit):4.948758439731456
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Ukk/vxQRDKIVqU0blS:oO7iblS
                                                                                                                                                                                                                                            MD5:22BF0E81636B1B45051B138F48B3D148
                                                                                                                                                                                                                                            SHA1:56755D203579AB356E5620CE7E85519AD69D614A
                                                                                                                                                                                                                                            SHA-256:E292F241DAAFC3DF90F3E2D339C61C6E2787A0D0739AAC764E1EA9BB8544EE97
                                                                                                                                                                                                                                            SHA-512:A4CF1F5C74E0DF85DDA8750BE9070E24E19B8BE15C6F22F0C234EF8423EF9CA3DB22BA9EF777D64C33E8FD49FADA6FCCA26C1A14BA18E8472370533A1C65D8D0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:V........leveldb.BytewiseComparator...............
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3020000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                                                            Entropy (8bit):0.36180729043006593
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:TLldBgtBgJBgQjiZS53uQFE27MCgGZs5o:TJvg/gDgQjiZS0Qj7BgeAo
                                                                                                                                                                                                                                            MD5:F88C6240452984BBA45F1B77B01FFFAC
                                                                                                                                                                                                                                            SHA1:93CCD3DEAA9BD5BF073B978B2F5784DBB425D480
                                                                                                                                                                                                                                            SHA-256:274B8CE48D0FBF149B5C7EB4AA94938978C4CD5A3346A290436B450601C672A9
                                                                                                                                                                                                                                            SHA-512:B309F7058CD88DF7331370DC9F02ABAC62A8C98F64FF13A089DA4AC6702B6BB380029036B3C66B00ABD004102DEA4582731476CB72E9FD3BE2C8A197C9B41FE3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..................................................................................Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1702
                                                                                                                                                                                                                                            Entropy (8bit):4.8408671939240815
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:YN+yiZJpaL4FsJ9DotoJ4Sw9IMG3wPUHJNE7BAJasnTifQ70xzUWKx6gyHe42HCI:YNk3p6otovBH36BAJ6fO0fKche49hJa
                                                                                                                                                                                                                                            MD5:4F583DEE4B97FFCC6EF4C21286C9DAB2
                                                                                                                                                                                                                                            SHA1:69AB5BF1CCD0307EAAF4540439105376427D76A0
                                                                                                                                                                                                                                            SHA-256:C0A4A16F7BBBAAB03236DEF727AC76CCC56C576D9B73B7A6159C4C2DC6FC9D77
                                                                                                                                                                                                                                            SHA-512:C4F91B332B5F28DC5BE10EAD90E272BDEF5847FED6D66898143A59D35D42A71AF5BEC54F488F6061F21B453FAEE78FB8107D26DF70D003152C3F354D48E9817B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351619490353527"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351619489209135","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351619490510484"},"uninstall_metrics":{"installation_date2":"1707145890","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"afcd57bd-6577-4165-83f7-cce23c949d04","client_id_timestamp":"1707145890","low_entropy_source2":6917,"machine_id":2786370,"ses
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1702
                                                                                                                                                                                                                                            Entropy (8bit):4.8408671939240815
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:YN+yiZJpaL4FsJ9DotoJ4Sw9IMG3wPUHJNE7BAJasnTifQ70xzUWKx6gyHe42HCI:YNk3p6otovBH36BAJ6fO0fKche49hJa
                                                                                                                                                                                                                                            MD5:4F583DEE4B97FFCC6EF4C21286C9DAB2
                                                                                                                                                                                                                                            SHA1:69AB5BF1CCD0307EAAF4540439105376427D76A0
                                                                                                                                                                                                                                            SHA-256:C0A4A16F7BBBAAB03236DEF727AC76CCC56C576D9B73B7A6159C4C2DC6FC9D77
                                                                                                                                                                                                                                            SHA-512:C4F91B332B5F28DC5BE10EAD90E272BDEF5847FED6D66898143A59D35D42A71AF5BEC54F488F6061F21B453FAEE78FB8107D26DF70D003152C3F354D48E9817B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351619490353527"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351619489209135","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351619490510484"},"uninstall_metrics":{"installation_date2":"1707145890","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"afcd57bd-6577-4165-83f7-cce23c949d04","client_id_timestamp":"1707145890","low_entropy_source2":6917,"machine_id":2786370,"ses
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1852
                                                                                                                                                                                                                                            Entropy (8bit):4.856504738568769
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Y6S1e/yXYyiZJpaL4FsJ9DotoJ4Sw9IMG3wPUHJNE7BAJasnTifQ70xzUWKx6gyb:YLfO3p6otovBH36BAJ6fO0fKche49mJa
                                                                                                                                                                                                                                            MD5:2FDC962EF66FA1AF3EE45140AA7E707F
                                                                                                                                                                                                                                            SHA1:67993E971BF2F8204599AA37BC4E966ED3F70EA2
                                                                                                                                                                                                                                            SHA-256:2DA1CA80FD0E018083E041F4CC47C09B135E6DD2AFA40E350C2275374F49AE37
                                                                                                                                                                                                                                            SHA-512:5E403D1FB2B9B48CB5B79B09FD65717746630B40049951BA48A4E30FA34CD41A04DD74709342101131A6A91A6B0D2BAD9506B493202E0D685C0F01626A356EDC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"password_manager":{"os_password_blank":true,"os_password_last_changed":"13351619531443634"},"policy":{"last_statistics_update":"13351619490353527"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351619489209135","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351619490510484"},"uninstall_metrics":{"installation_date2":"1707145890","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_
                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                            Size (bytes):12046
                                                                                                                                                                                                                                            Entropy (8bit):5.11302127258662
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:yChmoAGLCq1Iay8asbKTelqwJ/mw5LLPTqJW0W3H0/qjW1LbO7hRhUYfC:y4mXxmPEcxXPn0QH0SoUbfC
                                                                                                                                                                                                                                            MD5:11D81E40098B6C92D30517BDBF462A3E
                                                                                                                                                                                                                                            SHA1:B1B725CAE61595220CEAA98F2A17D98BD46A35AD
                                                                                                                                                                                                                                            SHA-256:94DCBB7A5F24A9CF36F031FB6563467C014F6D3BA6A2A78DBB1731634CDC7508
                                                                                                                                                                                                                                            SHA-512:915A3B67FAC9A48C77E071BC63A8C3416A733F7BA96C9FA09F9C19321882EBA7E7248D2626FE20C3DF852DBBA87F57236BDD27009E33DA8C9204B910BDA0AD00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"password_manager":{"os_password_blank":true,"os_password_last_changed":"13351619531443634"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://support.google.com/chrome/answer/6258784","versions":[{"reference":"https://helpx.adobe.com/security/products/flash-player/apsb15-18.html","status":"requires_authorization","version":"18.0.0.209"}]},"adobe-reader":{"displayurl":true,"group_name_matcher":"*Adobe Acrobat*","help_url":"https://support.google.com/chrome/?p=plugin_pdf","lang":"en-US","mime_types":["application/pdf","application/vnd.adobe.x-mars","application/vnd.adobe.xdp+xml","application/vnd.adobe.xfd+xml","application/vnd.adobe.xfdf","application/vnd.fdf"]
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):55410880
                                                                                                                                                                                                                                            Entropy (8bit):7.998952021709674
                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                            SSDEEP:1572864:Yq6r2jVe6d4iw4Gf+wznzARxcky/hCkpLvsxnfVXe503I:N6KjVxd40GfhzzARxckyZCCLANXe5qI
                                                                                                                                                                                                                                            MD5:884E1463B4CB20B28C3A80960E02AC2D
                                                                                                                                                                                                                                            SHA1:E6BFBCD90FEF4918754393F02B8D9D5A30B3D260
                                                                                                                                                                                                                                            SHA-256:94C3E4DB939C00F36DB55C752A7E452B8B76DA4752EA01491E2DE3FED2FE9C21
                                                                                                                                                                                                                                            SHA-512:3332415DED6FD0C8358769A3639DA30CE1A2FC738E07222848064DBDD49834AD59E06F039D69DDAEAE732A2699EA037DA18C83C849EB64CDACA10340E1AC4492
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3208568
                                                                                                                                                                                                                                            Entropy (8bit):7.993984815619479
                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                            SSDEEP:98304:MGW8ag3duVxD/2/X0HRFVs746cLyl9bvrv:MGW8Vi/2P0Hm7LxHv
                                                                                                                                                                                                                                            MD5:6ADC1C797360ABEE521CAC2019130184
                                                                                                                                                                                                                                            SHA1:658DDE0E4189D365C32DBA73ACDC523B8A58E1C1
                                                                                                                                                                                                                                            SHA-256:C9F73F363380BAFAFFF309DAE38CF6E56ABFED4B50732894D04CE01339821FCB
                                                                                                                                                                                                                                            SHA-512:921D45AAAB38DA4D52E54D31C14BAE03D0EB2792BF047F7755E484EBF9F166ED43B4652C4E71192E60D5B6746EB24E6348EC520D507326897BA0F77EF0B83545
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3208568
                                                                                                                                                                                                                                            Entropy (8bit):7.993984815619479
                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                            SSDEEP:98304:MGW8ag3duVxD/2/X0HRFVs746cLyl9bvrv:MGW8Vi/2P0Hm7LxHv
                                                                                                                                                                                                                                            MD5:6ADC1C797360ABEE521CAC2019130184
                                                                                                                                                                                                                                            SHA1:658DDE0E4189D365C32DBA73ACDC523B8A58E1C1
                                                                                                                                                                                                                                            SHA-256:C9F73F363380BAFAFFF309DAE38CF6E56ABFED4B50732894D04CE01339821FCB
                                                                                                                                                                                                                                            SHA-512:921D45AAAB38DA4D52E54D31C14BAE03D0EB2792BF047F7755E484EBF9F166ED43B4652C4E71192E60D5B6746EB24E6348EC520D507326897BA0F77EF0B83545
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):55410880
                                                                                                                                                                                                                                            Entropy (8bit):7.998952021709674
                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                            SSDEEP:1572864:Yq6r2jVe6d4iw4Gf+wznzARxcky/hCkpLvsxnfVXe503I:N6KjVxd40GfhzzARxckyZCCLANXe5qI
                                                                                                                                                                                                                                            MD5:884E1463B4CB20B28C3A80960E02AC2D
                                                                                                                                                                                                                                            SHA1:E6BFBCD90FEF4918754393F02B8D9D5A30B3D260
                                                                                                                                                                                                                                            SHA-256:94C3E4DB939C00F36DB55C752A7E452B8B76DA4752EA01491E2DE3FED2FE9C21
                                                                                                                                                                                                                                            SHA-512:3332415DED6FD0C8358769A3639DA30CE1A2FC738E07222848064DBDD49834AD59E06F039D69DDAEAE732A2699EA037DA18C83C849EB64CDACA10340E1AC4492
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):144688
                                                                                                                                                                                                                                            Entropy (8bit):6.667845757025275
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:4YRHFhhMmofU98VLVFqZ3/FnKk2vlQBOJ2LcjNal+laLMQ03hc3J2tjF6+hjIEKT:NRlhhMmh33NnaE6O0vF6wBYqW2popg4
                                                                                                                                                                                                                                            MD5:FC41CABDD3C18079985AC5F648F58A90
                                                                                                                                                                                                                                            SHA1:51A619DDCB3661AA8675C2D7483840AC4F991746
                                                                                                                                                                                                                                            SHA-256:FA159F50E67FB5829F0F2511E25111C719411E6B6152FEA97F3A296264C7D7A4
                                                                                                                                                                                                                                            SHA-512:691090B54CE52D7E8BCFFF2711ADE7A6A8BB21B409358D7BFFC2053A53C116C7C22896F21BA36945A54F094D963CD9361A132D2E165365FE287C02F3C60356ED
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                            Size (bytes):2622
                                                                                                                                                                                                                                            Entropy (8bit):5.179148755131428
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:rFXK//6zXledsGZqdfb+EwZz3kELe9XwMZM6TPMCWLQEwZ67:voWGZSmkELezy64pLZz
                                                                                                                                                                                                                                            MD5:74E80B2E111EECFC01B756EF3FD09FC9
                                                                                                                                                                                                                                            SHA1:6B21367A92E0C2D2D9D6EA32FC07D4CE49548B5C
                                                                                                                                                                                                                                            SHA-256:842585A0526941E875CCCA3D6F7B4D7BF3BA4571DC6AC3FA572B3E7DD2510A0D
                                                                                                                                                                                                                                            SHA-512:8745B77C2C040565D3C6EFA2822F56BBBFB2FC589816A20A3141C44DA4D16F01E7B70DD16DA41F0B8CB3936AD6A3628A521573D9BE3DB7BBF4D4EF162C16EBA4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:<Results>..<System>..<ComputerName>651689</ComputerName>..<Tool>..<Version>2.0.17a</Version>..<VersionDate>2016/5/01</VersionDate>..</Tool>..<RunTime>2024/02/05 15:11:16 GMT</RunTime>..<ProcessorTopology>..<Group Group="0" MaximumProcessors="2" ActiveProcessors="2" ActiveProcessorMask="0x3"/>..</ProcessorTopology>..</System>..<Profile>..<Progress>0</Progress>..<ResultFormat>xml</ResultFormat>..<Verbose>false</Verbose>..<TimeSpans>..<TimeSpan>..<CompletionRoutines>false</CompletionRoutines>..<MeasureLatency>false</MeasureLatency>..<CalculateIopsStdDev>false</CalculateIopsStdDev>..<DisableAffinity>false</DisableAffinity>..<Duration>10</Duration>..<Warmup>5</Warmup>..<Cooldown>0</Cooldown>..<ThreadCount>0</ThreadCount>..<IoBucketDuration>1000</IoBucketDuration>..<RandSeed>0</RandSeed>..<Targets>..<Target>..<Path>C:\Users\user\AppData\Local\Temp\testfile.temp</Path>..<BlockSize>4096</BlockSize>..<BaseFileOffset>0</BaseFileOffset>..<SequentialScan>false</SequentialScan>..<RandomAccess>false
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1110016
                                                                                                                                                                                                                                            Entropy (8bit):6.62382554711905
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:fRdJsAp4dXFcLBz75cwoCmJKHwe6VuoH9v0D/LF5mM6:fBsmyVS151oCmJKE1dv0DX
                                                                                                                                                                                                                                            MD5:7B89329C6D8693FB2F6A4330100490A0
                                                                                                                                                                                                                                            SHA1:851B605CDC1C390C4244DB56659B6B9AA8ABD22C
                                                                                                                                                                                                                                            SHA-256:1620CDF739F459D1D83411F93648F29DCF947A910CC761E85AC79A69639D127D
                                                                                                                                                                                                                                            SHA-512:AC07972987EE610A677EA049A8EC521A720F7352D8B93411A95FD4B35EC29BFD1D6CCF55B48F32CC84C3DCEEF05855F723A88708EB4CF23CAEC77E7F6596786A
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                                                            Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                                            MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                                            SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                                            SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                                            SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):39424
                                                                                                                                                                                                                                            Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                                                                                                                                            MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                                            SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                                            SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                                            SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7168
                                                                                                                                                                                                                                            Entropy (8bit):5.298362543684714
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
                                                                                                                                                                                                                                            MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                                                                                                                                                                                            SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                                                                                                                                                                                            SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                                                                                                                                                                                            SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22016
                                                                                                                                                                                                                                            Entropy (8bit):5.668346578219837
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1
                                                                                                                                                                                                                                            MD5:92EC4DD8C0DDD8C4305AE1684AB65FB0
                                                                                                                                                                                                                                            SHA1:D850013D582A62E502942F0DD282CC0C29C4310E
                                                                                                                                                                                                                                            SHA-256:5520208A33E6409C129B4EA1270771F741D95AFE5B048C2A1E6A2CC2AD829934
                                                                                                                                                                                                                                            SHA-512:581351AEF694F2489E1A0977EBCA55C4D7268CA167127CEFB217ED0D2098136C7EB433058469449F75BE82B8E5D484C9E7B6CF0B32535063709272D7810EC651
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                            Entropy (8bit):5.7433628862644
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:Xv+cJZE61KRWJQO6tFiUdK7ckD4k7l1XRBm0w+NiHi1nSJ:Xf6rtFRdbQ1W+fn8
                                                                                                                                                                                                                                            MD5:0FF5120F1AFD0F295C2BAA0F7192D3F8
                                                                                                                                                                                                                                            SHA1:BDE842D5D11005DCB4FF1D4EA97DA31865477697
                                                                                                                                                                                                                                            SHA-256:4CA5BF1BEB4B802914C4D3E2F37861F6BA5ECF969CFEADF5855EDF58F647A721
                                                                                                                                                                                                                                            SHA-512:E049FFD7AACE8D136EEE007EE4F8DBC2AE8F3DCE79D1C633D9654392240F8215787DF8A6D08085257DB51F28FF2A8023A13333DDA3EA7F9BDC8B9C57B605F0A0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):118784
                                                                                                                                                                                                                                            Entropy (8bit):6.425120053243541
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:1Gg42gDj3f6+qSunYP4rayTba/KgCNgKONMjv1c4EotCsWjcdofV/D8DE:JTgn3dwra0iK6YjvFEojofV/IDE
                                                                                                                                                                                                                                            MD5:74C44D664457CEC263E2E2BC1C59CD7A
                                                                                                                                                                                                                                            SHA1:3C30917C961042933911D796A18CE338C5960BF3
                                                                                                                                                                                                                                            SHA-256:C2E0A3F3540E05FB36F1A17B0228FF4BA2C6BCEC89D9F806CD281C4D8D42161B
                                                                                                                                                                                                                                            SHA-512:9C0483ACF134F6FD727E2F8BA536953A3515EC7C3518DFF58F50D92573F033D9E2FE9DA65A62B6B32ABE393F2F79F32F611F4AFA947FF4A37C08C07E00814497
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):26494
                                                                                                                                                                                                                                            Entropy (8bit):1.9568109962493656
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                                                                                                            MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                                                                            SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                                                                            SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                                                                            SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                            Entropy (8bit):5.052729239776183
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:FtJ6tC4jcY5rKhkfL9SYdKkcxM2DjDf3GEfKvBKav+Yx4BndY7ndS27gA:Fyj6QS8HREf+BYYxAdqn420
                                                                                                                                                                                                                                            MD5:C4BE29CD82D2D02FABADB153C8A54846
                                                                                                                                                                                                                                            SHA1:8E7DC6B67ECAB045C735715C2D4E524CA6E774A4
                                                                                                                                                                                                                                            SHA-256:1D85D2A1216909905B095284894BFC54840C15E949B1BC8711734EEEA795A60F
                                                                                                                                                                                                                                            SHA-512:7ED721125672765B3774FE512DFF2B6AB7017D75409E2218C54809FD91FC37FF9356C0C2E11F8F05AED0F3FC515B90299A8B98EF611AD575B080AF0A4716F237
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7
                                                                                                                                                                                                                                            Entropy (8bit):2.8073549220576046
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Ngn:Ng
                                                                                                                                                                                                                                            MD5:C21F969B5F03D33D43E04F8F136E7682
                                                                                                                                                                                                                                            SHA1:7505D64A54E061B7ACD54CCD58B49DC43500B635
                                                                                                                                                                                                                                            SHA-256:37A8EEC1CE19687D132FE29051DCA629D164E2C4958BA141D5F4133A33F0688F
                                                                                                                                                                                                                                            SHA-512:1625CDB75D25D9F699FD2779F44095B6E320767F606F095EB7EDAB5581E9E3441ADBB0D628832F7DC4574A77A382973CE22911B7E4DF2A9D2C693826BBD125BC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:default
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):29
                                                                                                                                                                                                                                            Entropy (8bit):2.4688702187432865
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:nVUdvGt1U:Zte
                                                                                                                                                                                                                                            MD5:86CF4BCCD386456CA8091DEC847A0AD1
                                                                                                                                                                                                                                            SHA1:F6E3A73D7A1284A46E62EDCEBC7351FF6854CF65
                                                                                                                                                                                                                                            SHA-256:002A1BEFFB815578D1551DF0D56F2153EAFDE7DCE1902FB3328421242726C19B
                                                                                                                                                                                                                                            SHA-512:620FACF072B2BF312180A0A5A48BF5688F9D53AD4699B5D676E041C4840082A87F5AD7DD82C216F1B5136FA1AF89EFF7FAEAEFED0F20547355B057A3DE4C61B7
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:0,0,0,1,2,64,2,5,256,1,2,64,1
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\diskspd.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):104857600
                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                            MD5:2F282B84E7E608D5852449ED940BFC51
                                                                                                                                                                                                                                            SHA1:2C2CECCB5EC5574F791D45B63C940CFF20550F9A
                                                                                                                                                                                                                                            SHA-256:20492A4D0D84F8BEB1767F6616229F85D44C2827B64BDBFB260EE12FA1109E0E
                                                                                                                                                                                                                                            SHA-512:2798503C2C7B718799324122137BF30A562AAD1BC04BBF343DAAD225A5FD0D1FD5D269843A01AB00D4F8D8C5AB34F8956065F9831EF7459E9C487E895099E956
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 14:10:44 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2673
                                                                                                                                                                                                                                            Entropy (8bit):3.973094749515665
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:190B3334F3405731D903BFECDC9CCA5B
                                                                                                                                                                                                                                            SHA1:7E67314750A552063EB25C2B5D14FFA74DBF3D29
                                                                                                                                                                                                                                            SHA-256:D01BFFA56FB51C4308CBE834ACAD8F10C4F21256BE2045327D8BE346A2D8BF93
                                                                                                                                                                                                                                            SHA-512:BE0304FF97A60DAF763E1B50FCE88F04B473ACF2C8B37F7A44B3EC56212D92011AD8FFFC4C829BD90AE74929E1B54C247BDB525EE677850E35FC1F2BBDE8B3B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:L..................F.@.. ...$+.,.....=.}EX....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IEXUy....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEXUy....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VEXUy....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VEXUy.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEXWy...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q.[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 14:10:44 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2675
                                                                                                                                                                                                                                            Entropy (8bit):3.988444992565545
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:2BCAF998CA056C3A949A23D90BC7271F
                                                                                                                                                                                                                                            SHA1:3A481FB4C984F642C085962A532CDEFAAE929FA4
                                                                                                                                                                                                                                            SHA-256:94E30210648751CF0690511C11A3D0A4765E4FC520E3CCC15802F52A17579DAD
                                                                                                                                                                                                                                            SHA-512:AE45D4544A55F73CDC989E66BECD12A79BDAF3A3CB9AFDDE401DF768532DFF7DC41FFC4BE97A57DB3671061F499602C19786F10AB8C9A534D6390231D8D87600
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:L..................F.@.. ...$+.,.......}EX....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IEXUy....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEXUy....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VEXUy....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VEXUy.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEXWy...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q.[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2689
                                                                                                                                                                                                                                            Entropy (8bit):4.0004269665267405
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:713003CE09E2E281A58B7D350459F595
                                                                                                                                                                                                                                            SHA1:2D780587CD84AC402E8E9A55810A3014A74F42C2
                                                                                                                                                                                                                                            SHA-256:9C0AE033028B420028F4F803D5ECDB953D4F14A6092D2DE84DFA57AD6E0D78AA
                                                                                                                                                                                                                                            SHA-512:A53B373A7F3B209D2505729DC125653A80C44D93DEA28EB67CC3E97F68AF9343FE75CE749623567F4EDBF798C46A1D935933B3788A17FE6B408E0842A5AAB654
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:L..................F.@.. ...$+.,.....<}.i.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IEXUy....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEXUy....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VEXUy....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VEXUy.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.F...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q.[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 14:10:44 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2677
                                                                                                                                                                                                                                            Entropy (8bit):3.984056407204242
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:BAA0B100EDCF902157131005723E02EF
                                                                                                                                                                                                                                            SHA1:9F7515EF44C84B5D840D0D01BC2263994C8F79FB
                                                                                                                                                                                                                                            SHA-256:EDC615671FFF4CB0D4E40562702CCD6F1C1C5EAD98D9F334B7C2B75A4F41075C
                                                                                                                                                                                                                                            SHA-512:D3727B9804D5AD0D55D547F50A14660D3910D1426E373C03A58909C206E5989D390ED220D018AE6C6205B87B22F512BE2E8902EBA61341841D9118DD54A31B97
                                                                                                                                                                                                                                            Malicious:false
Preview: [binary .lnk data; readable path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 14:10:44 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2677
                                                                                                                                                                                                                                            Entropy (8bit):3.978675816542043
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:89ABD73297D44F632F9428C1649586EB
                                                                                                                                                                                                                                            SHA1:51C35C7F08A1DAA42EF0F97BB163CE950E28E2FE
                                                                                                                                                                                                                                            SHA-256:3F6FF0ADE81D68B6B07E1A2E2BA4E8A2230853CD42325300ADC37A800876F93F
                                                                                                                                                                                                                                            SHA-512:FD51193CFDEFBB0DF0C1B1AC697C2CB1DF804703B4ED23E35F4C11D5D132674C28C94FFA1A532B360B086035C775CAF14ACA47DFF4F14BB26D5A55FA7188586E
                                                                                                                                                                                                                                            Malicious:false
Preview: [binary .lnk data; readable path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 14:10:44 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2679
                                                                                                                                                                                                                                            Entropy (8bit):3.9887309969909017
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:64736DC7B1931B4D55D15C1A4CA880C7
                                                                                                                                                                                                                                            SHA1:4B14716453AD2D626C0293B2E21E3CCA78FCE3C8
                                                                                                                                                                                                                                            SHA-256:68F73FC3CEC7D0C3F92C468B8391D9FAD71436AC7650EDA635FD4433565DDEC5
                                                                                                                                                                                                                                            SHA-512:806D7EC7D040AB0DCC727EDED82697A8C035BD8D7BF01487DE44C9D515AD59AC8B50628F3BF0B3F52812F13A07709BE341519314849E790A98E42078B8CE905B
                                                                                                                                                                                                                                            Malicious:false
Preview: [binary .lnk data; readable path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Nov 17 09:35:18 2023, mtime=Mon Feb 5 14:11:26 2024, atime=Fri Nov 17 09:35:18 2023, length=1983320, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1938
                                                                                                                                                                                                                                            Entropy (8bit):3.2365205580468492
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:861EBB5D773D789880FF9117E07ED883
                                                                                                                                                                                                                                            SHA1:C3597FE1B85780442B33982BA693F8A21E3D7A99
                                                                                                                                                                                                                                            SHA-256:92DC9C084AEEDD00CDDB2B58E6B15BB2E03013ADF9AF0B92E74916899094C45B
                                                                                                                                                                                                                                            SHA-512:1231AE8C6A4E9B5616AF3645130A6F6954AE01459AF02AE42CD6790E40ACE505C97D8B3CB29C2731830FCEC1FC51D78FB698F142CAA175A526ED0AFCAF412D59
                                                                                                                                                                                                                                            Malicious:false
Preview: [binary .lnk data; readable path: C:\Program Files (x86)\Fast!\fast!.exe]
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Feb 5 14:11:26 2024, mtime=Mon Feb 5 14:11:26 2024, atime=Mon Feb 5 14:11:26 2024, length=475630, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1984
                                                                                                                                                                                                                                            Entropy (8bit):3.330607397267775
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:2DC56DC1E5DFA50FED3560BADDE993CA
                                                                                                                                                                                                                                            SHA1:9D3A486C2D4263A68C6D319586D67E6D50824375
                                                                                                                                                                                                                                            SHA-256:85BFBC866E329A0DB6B57F25D14647835E6499EABFC40108720EF81F82B7055E
                                                                                                                                                                                                                                            SHA-512:E9EAB5094624E7DFABBC2DFCDC2E63F5917E95B13DC1E2DEBC32F659541DA01104AA71644829670EFAB1B90752669EF79D837F7D08FEDA023B4F84BA3262CFD8
                                                                                                                                                                                                                                            Malicious:false
Preview: [binary .lnk data; readable path: C:\Program Files (x86)\Fast!\uninstaller.exe]
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 17 09:35:18 2023, mtime=Mon Feb 5 14:11:20 2024, atime=Fri Nov 17 09:35:18 2023, length=1983320, window=hide
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1036
                                                                                                                                                                                                                                            Entropy (8bit):4.6444024013711065
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:B11EF2EB5A511FDC22D2DEA4BA528238
                                                                                                                                                                                                                                            SHA1:58BE218C6612E80AB5942AD4C58CC17943B804AE
                                                                                                                                                                                                                                            SHA-256:F903799FCE310D5F1F4F7D3644D37B5D31019C157BB4C40901C7E45E2213EF7B
                                                                                                                                                                                                                                            SHA-512:D6110C7C5D8E355EF85B7198721C956A5224C863A545E0741A63F9BC885559E89E53F37CBA8E7C9F3DB848E20BC4DF0B54575C3AC5E053875D1FF4C3E476A616
                                                                                                                                                                                                                                            Malicious:false
Preview: [binary .lnk data; readable path: C:\Program Files (x86)\Fast!\fast!.exe]
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1632)
                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                            Size (bytes):5776
                                                                                                                                                                                                                                            Entropy (8bit):5.406231475448828
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:EED76F35E91F6AA4CC81975B39DBE5F8
                                                                                                                                                                                                                                            SHA1:F3621A40F3CA29EC20751427841051450494B2DD
                                                                                                                                                                                                                                            SHA-256:C3C96CCEAFDE14A4669C2114EE0D10BCE6EC0163064151A98824A2575D97EAF7
                                                                                                                                                                                                                                            SHA-512:3B67D03351DA819A09C0AB16C549ABA5BF33897C7E50DC96B8436BCD97DF3421D82FF0F758FC276AB25A7569468450994F83A947306AB363821D27AD7B615C69
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            URL:https://fonts.googleapis.com/css?family=Open%20Sans
                                                                                                                                                                                                                                            Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-fa
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (64347)
                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                            Size (bytes):218853
                                                                                                                                                                                                                                            Entropy (8bit):5.455756769800765
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:26A729125E52380427FD951672D039D4
                                                                                                                                                                                                                                            SHA1:AD8C3433BBFB0B5611404E597717A5C21C4247AE
                                                                                                                                                                                                                                            SHA-256:22CF1BABA55ECED80D7EBB0DE51FC8961757EF581964F8E10EBC8676399EBA81
                                                                                                                                                                                                                                            SHA-512:19EFB34CAEC308513BFE7A091434DA1AF8906C2C9D5A1F94CDC3CB78A0DE87DD012A70433294AFE25F50A77080E194CF85CEF42717BDBDAF30FA975A392DAF8E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            URL:https://connect.facebook.net/en_US/fbevents.js
                                                                                                                                                                                                                                            Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):675
                                                                                                                                                                                                                                            Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                                            SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                                            SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                                            SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                            Size (bytes):675
                                                                                                                                                                                                                                            Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                                            SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                                            SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                                            SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            URL:https://repository.pcapp.store/pcapp/images/fast.png
                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                            Size (bytes):18668
                                                                                                                                                                                                                                            Entropy (8bit):7.988119248989337
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                            MD5:8655D20BBCC8CDBFAB17B6BE6CF55DF3
                                                                                                                                                                                                                                            SHA1:90EDBFA9A7DABB185487B4774076F82EB6412270
                                                                                                                                                                                                                                            SHA-256:E7AF9D60D875EB1C1B1037BBBFDEC41FCB096D0EBCF98A48717AD8B07906CED6
                                                                                                                                                                                                                                            SHA-512:47308DE25BD7E4CA27F59A2AE681BA64393FE4070E730C1F00C4053BAC956A9B4F7C0763C04145BC50A5F91C12A0BF80BDD4B03EECC2036CD56B2DB31494CBAF
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            URL:https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                            Entropy (8bit):7.693469005681391
                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                            File name:Setup (1).exe
                                                                                                                                                                                                                                            File size:142'536 bytes
                                                                                                                                                                                                                                            MD5:ec427b1bf867dc6fdfdfc2b5219f44de
                                                                                                                                                                                                                                            SHA1:d23dfcbd02089bc6f13db8dd4cf1f9c5a085d275
                                                                                                                                                                                                                                            SHA256:9b1d8b1bafd4f496de3e996dc6778ff0c75f37f2e5eaa5a60049d7c8338e7ef5
                                                                                                                                                                                                                                            SHA512:46b8c187ce0ad0a1e8f99703444b7c0494aaab1d2b275de5d655f01e237a5af7b35399ca70f21dc51db875066ddc7f347dfa3864a8f2bc1970ff56ce8ff3840c
                                                                                                                                                                                                                                            SSDEEP:3072:tqRaMrUwmuvDWLcKKDiH699VrvaaabJb1TYwC6+5WulEG1Uu:tnx13KeH69nrvaa6TYo+5WoEKU
                                                                                                                                                                                                                                            TLSH:19D3DF86279845B3FA8175F03967DF2BFA764E4374610A8387727DA36971283CD0A21F
                                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...oy.V.................`.........
                                                                                                                                                                                                                                            Icon Hash:60d81b192413490d
                                                                                                                                                                                                                                            Entrypoint:0x40310d
                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                            Time Stamp:0x567F796F [Sun Dec 27 05:38:55 2015 UTC]
                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                            Import Hash:29b61e5a552b3a9bc00953de1c93be41
                                                                                                                                                                                                                                            Signature Valid:true
                                                                                                                                                                                                                                            Signature Issuer:CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
                                                                                                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                            Error Number:0
                                                                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                                                                            • 21/03/2020 21:24:45 20/05/2021 16:51:43
                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                            • CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Kfar Saba, C=IL
                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                            Thumbprint MD5:609182DDEB26105E8E32FEBE91ED5B11
                                                                                                                                                                                                                                            Thumbprint SHA-1:930C9C4D910DB2B8522BC4E18CF70C7C1A5B3927
                                                                                                                                                                                                                                            Thumbprint SHA-256:26A9AD0DA011EFDFFD745BA4644737331414260B452AF58EE8F4BB7AE5342E8A
                                                                                                                                                                                                                                            Serial:00D6A5C821A6FB7C3C
                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                            sub esp, 00000180h
                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                            push edi
                                                                                                                                                                                                                                            xor ebx, ebx
                                                                                                                                                                                                                                            push 00008001h
                                                                                                                                                                                                                                            mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                            mov dword ptr [esp+14h], 00409188h
                                                                                                                                                                                                                                            xor esi, esi
                                                                                                                                                                                                                                            mov byte ptr [esp+18h], 00000020h
                                                                                                                                                                                                                                            call dword ptr [004070B4h]
                                                                                                                                                                                                                                            call dword ptr [004070B0h]
                                                                                                                                                                                                                                            cmp ax, 00000006h
                                                                                                                                                                                                                                            je 00007FA1F47EDCB3h
                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                            call 00007FA1F47F0A89h
                                                                                                                                                                                                                                            cmp eax, ebx
                                                                                                                                                                                                                                            je 00007FA1F47EDCA9h
                                                                                                                                                                                                                                            push 00000C00h
                                                                                                                                                                                                                                            call eax
                                                                                                                                                                                                                                            push 0040917Ch
                                                                                                                                                                                                                                            call 00007FA1F47F0A0Ah
                                                                                                                                                                                                                                            push 00409174h
                                                                                                                                                                                                                                            call 00007FA1F47F0A00h
                                                                                                                                                                                                                                            push 00409168h
                                                                                                                                                                                                                                            call 00007FA1F47F09F6h
                                                                                                                                                                                                                                            push 0000000Dh
                                                                                                                                                                                                                                            call 00007FA1F47F0A59h
                                                                                                                                                                                                                                            push 0000000Bh
                                                                                                                                                                                                                                            call 00007FA1F47F0A52h
                                                                                                                                                                                                                                            mov dword ptr [0042EC44h], eax
                                                                                                                                                                                                                                            call dword ptr [00407034h]
                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                            call dword ptr [00407270h]
                                                                                                                                                                                                                                            mov dword ptr [0042ECF8h], eax
                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                            lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                            push 00000160h
                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                            push 00429078h
                                                                                                                                                                                                                                            call dword ptr [00407160h]
                                                                                                                                                                                                                                            push 0040915Ch
                                                                                                                                                                                                                                            push 0042E440h
                                                                                                                                                                                                                                            call 00007FA1F47F0689h
                                                                                                                                                                                                                                            call dword ptr [004070ACh]
                                                                                                                                                                                                                                            mov ebp, 00434000h
                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                            call 00007FA1F47F0677h
                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                            call dword ptr [00407144h]
                                                                                                                                                                                                                                            Programming Language:
                                                                                                                                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74d8 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f000 | 0x1f78 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1f610 | 0x36b8 | .data |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x280 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5e3c | 0x6000 | 1a13b408c917b27c9106545148d3b8d3 | False | 0.6686197916666666 | data | 6.432295288512854 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x126a | 0x1400 | 921acf8cb0aea87c0603fa899765fcc2 | False | 0.43359375 | data | 5.00588726544978 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x25d38 | 0x600 | 797517c6ef57aa95d53df2cf07568953 | False | 0.474609375 | data | 4.291756049727371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2f000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3f000 | 0x1f78 | 0x2000 | 8ee48031ec18cba37f9a5079c63bfdbd | False | 0.2716064453125 | data | 4.3798911673501575 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x3f1f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.15478424015009382 |
| RT_ICON | 0x40298 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3953900709219858 |
| RT_DIALOG | 0x40700 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x40908 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x40a00 | 0xa0 | data | English | United States | 0.60625 |
| RT_DIALOG | 0x40aa0 | 0xee | data | English | United States | 0.6260504201680672 |
| RT_GROUP_ICON | 0x40b90 | 0x22 | data | English | United States | 1.0 |
| RT_MANIFEST | 0x40bb8 | 0x3be | XML 1.0 document, ASCII text, with very long lines (958), with no line terminators | English | United States | 0.5187891440501043 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, CreateDirectoryA, lstrcmpiA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, GetWindowsDirectoryA, GetTempPathA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary |
| USER32.dll | GetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
| ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.773937941 CET49708443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.773981094 CET44349708161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.775010109 CET44349708161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.775120974 CET49708443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.813430071 CET49673443192.168.2.9204.79.197.203
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.829575062 CET49708443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.869914055 CET44349708161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.977549076 CET44349708161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.977626085 CET49708443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.977629900 CET44349708161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:38.977695942 CET49708443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:39.001996040 CET49708443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:39.002039909 CET44349708161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392225027 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392225981 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392257929 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392266035 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392329931 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392332077 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392544985 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392565966 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392636061 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.392647028 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.538815975 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.538862944 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.538971901 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.539681911 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.539683104 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.539700031 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.539716959 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.539769888 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.540070057 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.540079117 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.616427898 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.616914034 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.616926908 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.617038012 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.617361069 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.617486954 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.617906094 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.617914915 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.618626118 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.618979931 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.619014978 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.619148016 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.619739056 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.619824886 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.620119095 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.620120049 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.620129108 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.620178938 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.620312929 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.661899090 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.663369894 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.663371086 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.663378000 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.709820032 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.791997910 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.792437077 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.792448997 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.793695927 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.793840885 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.794903994 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.795217037 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.795414925 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.795933008 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.797854900 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.797879934 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.799041986 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.799190044 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.800170898 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.800273895 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.825176001 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.825310946 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.826069117 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.826359987 CET49710443192.168.2.9172.217.215.102
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.826370955 CET44349710172.217.215.102192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.841893911 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.849451065 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.849453926 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.849457026 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.849482059 CET44349714161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.863658905 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.863996983 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.864022970 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.864466906 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.870352030 CET49711443192.168.2.974.125.138.84
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.870366096 CET4434971174.125.138.84192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.895085096 CET49715443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:43.895085096 CET49714443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:44.051405907 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:44.051482916 CET44349715161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.133913994 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.139010906 CET49720443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.317270994 CET44349720161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.317401886 CET44349720161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.317610025 CET49720443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.357667923 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.357707024 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.357764959 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.359174013 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.359184980 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.390856028 CET49720443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.390882015 CET44349720161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469670057 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469696045 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469739914 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469767094 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469798088 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469813108 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469839096 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469866991 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469871998 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469897032 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.469923019 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591146946 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591171026 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591216087 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591227055 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591262102 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591284990 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591417074 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591434956 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591478109 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591485023 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.591526031 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.597917080 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.597934961 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.597985983 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.597990990 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.598042011 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.604295969 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.604373932 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607027054 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607108116 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607114077 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607131958 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607290983 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607320070 CET49721443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.607331038 CET44349721161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.617640972 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.617646933 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.618052006 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.618113041 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.620250940 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.628300905 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.628340006 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.628505945 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.629066944 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.629076958 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.661914110 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.884222984 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.884557962 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.884571075 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.885651112 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.886399031 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.886852980 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.886920929 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.886944056 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910335064 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910356045 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910387039 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910445929 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910478115 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910492897 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.910521984 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.926913023 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.926923990 CET4434972737.19.206.5192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:45.972876072 CET49727443192.168.2.937.19.206.5
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.014566898 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.014599085 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.014657021 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.014678001 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.014700890 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.014717102 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.062340975 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.062375069 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.062423944 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.062442064 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.062483072 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.062500954 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.113018036 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.113050938 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.113101006 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.419848919 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.419856071 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.419902086 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.425832987 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.425853014 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.425949097 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.425955057 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.426012993 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.432643890 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.432662010 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.432785988 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.432791948 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.432838917 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.438282013 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.438297987 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.438405991 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.438411951 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.438469887 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.444551945 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.444569111 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.444657087 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.444662094 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.444700956 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.449784040 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.449800968 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.449904919 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.449912071 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.449953079 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.455607891 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.455622911 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.455745935 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.455754042 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.455802917 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.460500956 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.460531950 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.460601091 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.460606098 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.460835934 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.465229034 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.465255022 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.465352058 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.465363026 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.465410948 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.470561028 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.470587969 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.470678091 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.470684052 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.470731974 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.475091934 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.475114107 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.475218058 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.475224018 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.475271940 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.480190039 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.480211020 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.480307102 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.480312109 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.480364084 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.484417915 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.484436989 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.484540939 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.484545946 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.484596014 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.489300013 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.489330053 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.489453077 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.489458084 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.489522934 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.493410110 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.493437052 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.493479013 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.493484020 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.493522882 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.493542910 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.498033047 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.498058081 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.498120070 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.498126030 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.498172045 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.501629114 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.501657009 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.501753092 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.501759052 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.501811028 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.505460024 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.505485058 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.505599022 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.505604029 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.505654097 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.508892059 CET49729443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.508924007 CET44349729161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.509006977 CET49729443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.580846071 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.580887079 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.580910921 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.583147049 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.583164930 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.583214998 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.583225965 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.583259106 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.583276033 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.584243059 CET4434972889.187.173.11192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.584563971 CET49728443192.168.2.989.187.173.11
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.584579945 CET4434972889.187.173.11192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585499048 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585515022 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585575104 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585588932 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585611105 CET4434972889.187.173.11192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585633993 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585663080 CET49728443192.168.2.989.187.173.11
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.585999966 CET49728443192.168.2.989.187.173.11
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.586061954 CET4434972889.187.173.11192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.586153030 CET49728443192.168.2.989.187.173.11
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.587510109 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.587527990 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.587603092 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.587625027 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.587665081 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.590411901 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.590428114 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.590486050 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.590506077 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.590524912 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.590548038 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.593131065 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.593148947 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.593198061 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.593209982 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.593230009 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.593246937 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.594983101 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.595000029 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.595057011 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.595068932 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.595091105 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.595108986 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.597632885 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.597651005 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.597747087 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.597757101 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.597791910 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.599514008 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.599530935 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.599590063 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.599601984 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.599675894 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.602144003 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.602159023 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.602233887 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.602243900 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.602272987 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.602292061 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.603866100 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.603885889 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.603940010 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.603948116 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.603976965 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.603996038 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.606403112 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.606420040 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.606468916 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.606479883 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.606507063 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.606519938 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.608880043 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.608896017 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.608968019 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.608978033 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.609018087 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.610620975 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.610637903 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.610701084 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.610717058 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.610733986 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.610758066 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.613037109 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.613053083 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.613099098 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.613109112 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.613136053 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.613148928 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.615010023 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.615027905 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.655169010 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.655210018 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.656686068 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.656707048 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.656779051 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.656785011 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.656824112 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.658417940 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.658437014 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.658503056 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.658509016 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.658549070 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.660126925 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.660141945 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.660219908 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.660231113 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.660268068 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.661906004 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.661921978 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.662009001 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.662019014 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.662062883 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.663338900 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.663355112 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.663425922 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.663433075 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.663480043 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.664391994 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.664407969 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.664480925 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.664488077 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.664527893 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.666235924 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.666253090 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.666316032 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.666321993 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.666367054 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.667345047 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.667366028 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.667428017 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.667435884 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.667476892 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.669275045 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.669294119 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.669364929 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.669373035 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.669414997 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.670259953 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.670274973 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.670347929 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.670356035 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.670401096 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.672161102 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.672187090 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.672256947 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.672264099 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.672287941 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.672307968 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.673880100 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.673916101 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.673952103 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.673958063 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.673986912 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.674005985 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.674814939 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.674833059 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.674901962 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.674907923 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.674947977 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.676068068 CET49728443192.168.2.989.187.173.11
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.676528931 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.676546097 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.676598072 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.676604033 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.676644087 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.677555084 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.677572012 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.677656889 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.677663088 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.677711010 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.679200888 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.679217100 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.679279089 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.679286003 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.679325104 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.681343079 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.681359053 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.681422949 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.681427956 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.681467056 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.682262897 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.682279110 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.715969086 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.715975046 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.716013908 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.716794968 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.716811895 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.716875076 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.716881037 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.716921091 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.718518019 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.718539953 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.718610048 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.718616009 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.718657970 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.719564915 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.719583035 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.719633102 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.719638109 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.719664097 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.719687939 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.720515013 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.720531940 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.720593929 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.720598936 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.720639944 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.721509933 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.721527100 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.721601963 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.721607924 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.721648932 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.723105907 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.723121881 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.723195076 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.723208904 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.723251104 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.723982096 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724006891 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724051952 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724065065 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724095106 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724117041 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724951982 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.724972010 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.725049019 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.725055933 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.725097895 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.725934029 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.725951910 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726006985 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726013899 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726056099 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726824045 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726843119 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726902008 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726910114 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.726953030 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.728163004 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.728183985 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.728231907 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.728238106 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.728274107 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.729224920 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.729243994 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.729299068 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.729305983 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.729351044 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.730063915 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.730083942 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.730124950 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.730129957 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.730159998 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.730179071 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731033087 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731056929 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731100082 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731106043 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731132984 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731162071 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731976032 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.731995106 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732053041 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732059002 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732081890 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732103109 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732892990 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732908964 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732979059 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.732985020 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.733026028 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.734610081 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.734627008 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.734687090 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.734693050 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.755352020 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.755369902 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.756195068 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.756211042 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.756275892 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.756280899 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.756309986 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.756329060 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.757101059 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.757116079 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.757169962 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.757174969 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.757217884 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.758009911 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.758028984 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.758081913 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.758086920 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.758114100 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.758133888 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759047985 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759066105 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759120941 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759126902 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759167910 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759658098 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759674072 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759728909 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759735107 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.759777069 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760066986 CET44349729161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760365963 CET49729443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760390043 CET44349729161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760608912 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760628939 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760679007 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760684013 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760726929 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.760777950 CET44349729161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761069059 CET49729443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761145115 CET44349729161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761213064 CET49729443192.168.2.9161.35.127.181
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761639118 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761656046 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761708975 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761714935 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761740923 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.761765003 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.762312889 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.762336969 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.762387991 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.762392998 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.762422085 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.762440920 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.763308048 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.763324976 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.763390064 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.763396025 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.763434887 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.764209986 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.764225960 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.764282942 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.764288902 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.764322996 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765063047 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765079021 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765131950 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765149117 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765187025 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765731096 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765744925 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765799046 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765809059 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.765844107 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.766576052 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.766592979 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.766643047 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.766653061 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.766673088 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.766702890 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767463923 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767513990 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767530918 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767541885 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767556906 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767565012 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767587900 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767623901 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767955065 CET49723443192.168.2.989.187.173.22
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.767968893 CET4434972389.187.173.22192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.801914930 CET44349729161.35.127.181192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.817532063 CET4434972889.187.173.11192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:46.817859888 CET4434972889.187.173.11192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.979002953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.979016066 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.979047060 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.991403103 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.991425991 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.991487980 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.991497040 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.991539955 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:47.991558075 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.006414890 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.006438971 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.006484032 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.006494999 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.006527901 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.006551027 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.020431042 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.020459890 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.020502090 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.020514965 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.020558119 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.020577908 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.039254904 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.039283037 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.039343119 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.039361000 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.039393902 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.039414883 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.049942970 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.049973965 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.050046921 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.050098896 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.050126076 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.050188065 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.057712078 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.057751894 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.057784081 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.057790995 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.057828903 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.057837963 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.060879946 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.060935974 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.070667028 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.070688009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.070734024 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.070739031 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.070776939 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.080110073 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.080132961 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.080179930 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.080187082 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.080229044 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.080246925 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.088603973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.088620901 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.088681936 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.088687897 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.088715076 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.088732958 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.096826077 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.096868992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.096890926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.096896887 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.096941948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.105410099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.105427980 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.105485916 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.105492115 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.105504990 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.105536938 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.113745928 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.113768101 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.113853931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.113866091 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.113909960 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.121103048 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.121125937 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.121216059 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.121227980 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.121273041 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.128870964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.128889084 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.128957987 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.128967047 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.128978014 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.129172087 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.129946947 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.130001068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.136228085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.136251926 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.136303902 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.136312008 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.136349916 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.142549038 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.240098953 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.240122080 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.243686914 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.243705034 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.243789911 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.243798971 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.243839979 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.247807026 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.247824907 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.247884035 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.247893095 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.247936964 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.251677990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.251696110 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.251761913 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.251776934 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.251817942 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.251832962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.254805088 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.254822969 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.254893064 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.254909992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.254945993 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.257911921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.257934093 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.257999897 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.258028030 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.258073092 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.261295080 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.261312008 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.261382103 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.261404991 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.261446953 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.264317036 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.264334917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.264419079 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.264442921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.264476061 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.264491081 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.267349958 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.267378092 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.267455101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.267477036 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.267523050 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.267545938 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.270164967 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.270183086 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.270241022 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.270265102 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.270283937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.270307064 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.273093939 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.273113012 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.273197889 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.273221970 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.273271084 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.275705099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.275729895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.275778055 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.275800943 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.275826931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.275850058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.278548002 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.278564930 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.278630018 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.278651953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.278669119 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.278701067 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.281050920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.281071901 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.281150103 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.281172037 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.281217098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.283732891 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.283749104 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.283806086 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.283828974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.283855915 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.283874989 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.287024975 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.287045002 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.287089109 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.287112951 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.287127972 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.287153959 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.289439917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.289457083 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.289544106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.289566040 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.289613008 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.291807890 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.291824102 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.291893959 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.340318918 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.340337038 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.340383053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.340408087 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.342088938 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.342104912 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.342165947 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.342185974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.342233896 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.343777895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.343794107 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.343866110 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.343888044 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.343935013 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.345964909 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.345983028 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.346044064 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.346065044 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.346081972 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.346105099 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.347687960 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.347706079 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.347771883 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.347793102 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.347867966 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.349368095 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.349385023 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.349456072 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.349477053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.349522114 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.351207018 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.351228952 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.351300001 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.351320028 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.351366043 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.353241920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.353257895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.353322983 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.353344917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.353391886 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.354254961 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.354281902 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.354343891 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.354361057 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.354381084 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.354409933 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.356089115 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.356105089 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.356170893 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.356193066 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.356237888 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.357945919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.357963085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.358042002 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.358063936 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.358108997 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.360050917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.360065937 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.360126972 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.360150099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.360166073 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.360192060 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.361783981 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.361803055 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.361866951 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.361885071 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.361933947 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.362823963 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.362839937 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.362905979 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.362925053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.362965107 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.364622116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.364636898 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.364694118 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.364713907 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.364762068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.366590977 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.366619110 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.366658926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.366678953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.366705894 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.366731882 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.368361950 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.368377924 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.368448973 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.368468046 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.368515968 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.369330883 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.369347095 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.369415045 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.369422913 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.369477034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.404608011 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.404669046 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.404690981 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.404716969 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.404747963 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.405642033 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.405657053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.405725956 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.405745029 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.405808926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.407152891 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.407169104 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.407243967 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.407264948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.407310963 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.408422947 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.408441067 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.408509016 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.408529997 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.408584118 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.409951925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.409966946 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.410046101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.410067081 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.410110950 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.411165953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.411189079 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.411248922 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.411271095 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.411309004 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.411333084 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.412137032 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.412153006 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.412229061 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.412245989 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.412288904 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.413219929 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.413233042 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.413394928 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.413414955 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.413458109 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.414211988 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.414227009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.414294004 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.414304972 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.414345980 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.415875912 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.415890932 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.415961981 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.415983915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.416024923 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.416949034 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.416964054 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.417037964 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.417053938 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.417112112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.418950081 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.418963909 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419044018 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419064999 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419126034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419430971 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419445038 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419509888 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419517994 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.419559002 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.421655893 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.421673059 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.421740055 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.421761036 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.421823025 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.422290087 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.422305107 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.422374010 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.422384024 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.422422886 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.423254013 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.423269033 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.423336029 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.423348904 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.423414946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.424050093 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.424063921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.424139023 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.424149990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.424222946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.425802946 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.425822973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.425883055 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.425899029 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.425956964 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.426826954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.426841974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451041937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451057911 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451105118 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451827049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451845884 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451908112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451916933 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.451967955 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.452867031 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.452881098 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.452950954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.452964067 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.453025103 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.453821898 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.453835964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.453907013 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.453917980 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.453960896 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.454746962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.454766035 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.454814911 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.454828978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.454885006 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.454902887 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.455699921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.455713987 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.455797911 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.455809116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.455856085 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.456552029 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.456573963 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.456676960 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.456691980 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.456728935 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.457609892 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.457623959 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.457665920 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.457683086 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.457710028 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.457726002 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.458534956 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.458551884 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.458595037 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.458611012 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.458627939 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.458657980 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.459414005 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.459429026 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.459470034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.459476948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.459503889 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.459525108 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.460397959 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.460412979 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.460454941 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.460465908 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.460489988 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.460503101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.461318016 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.461333036 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.461370945 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.461385965 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.461410046 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.461426020 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462112904 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462127924 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462193012 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462212086 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462234974 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462251902 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462966919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.462982893 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.463023901 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.463037968 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.463063002 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.463080883 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.463988066 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464004040 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464040041 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464051962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464075089 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464108944 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464941025 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464956999 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.464997053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465010881 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465034008 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465059996 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465711117 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465725899 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465778112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465787888 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.465812922 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.484309912 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.484325886 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.484381914 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.484394073 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.484409094 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.484452009 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485021114 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485035896 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485090971 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485100985 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485141039 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485903978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485918999 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485964060 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.485976934 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486000061 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486013889 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486761093 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486774921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486820936 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486829996 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486850977 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.486870050 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.487231970 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.487250090 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.487292051 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.487298965 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.487322092 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.487341881 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.488173962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.488187075 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.488244057 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.488256931 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.488277912 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.488293886 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.489394903 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.489408016 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.489464998 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.489476919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.489525080 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.490161896 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.490176916 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.490226984 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.490235090 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.490276098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491085052 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491102934 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491152048 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491164923 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491208076 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491389036 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491405010 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491441011 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491446972 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491480112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491904020 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491919041 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491977930 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.491985083 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.492021084 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.493277073 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.493290901 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.493354082 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.493366957 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.493391991 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.493410110 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494743109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494757891 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494859934 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494859934 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494873047 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494913101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494973898 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.494993925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495055914 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495062113 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495085001 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495325089 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495592117 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495608091 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495662928 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495670080 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.495783091 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.496489048 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.496505022 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.496548891 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.496562004 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.496592045 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.496611118 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.497212887 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.497226954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.497275114 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.497287989 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.512926102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.512945890 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.513731956 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.513747931 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.513792992 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.513799906 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.513838053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514300108 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514314890 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514337063 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514373064 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514377117 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514429092 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514908075 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514923096 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.514944077 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515008926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515008926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515017033 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515054941 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515223026 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515235901 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515270948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515276909 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515309095 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.515331984 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.516047001 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.516064882 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.516100883 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.516104937 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.516133070 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.516150951 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517087936 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517117977 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517157078 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517163992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517190933 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517210960 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517771959 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517796040 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517839909 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517846107 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517875910 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517898083 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517918110 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517934084 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517963886 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517971039 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.517996073 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518018961 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518723011 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518739939 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518786907 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518795013 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518827915 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.518842936 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.519555092 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.519572973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.519599915 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.519610882 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.519637108 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.519653082 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520169973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520191908 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520246983 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520256042 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520289898 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520381927 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520391941 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520445108 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520452023 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.520489931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521334887 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521353960 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521384954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521394014 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521425962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521447897 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521976948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.521996975 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.522047997 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.522056103 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.522093058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.522099972 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523299932 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523325920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523372889 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523382902 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523413897 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523423910 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523507118 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523524046 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.523556948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.536756039 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.536787987 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.536798000 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.536820889 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.536843061 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.536994934 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.537009954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.537055016 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.537061930 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.537097931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.537117958 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538418055 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538434982 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538471937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538479090 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538511992 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538518906 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538533926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538541079 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538552999 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538563013 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538597107 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538984060 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.538999081 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539033890 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539041042 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539079905 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539098978 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539541960 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539560080 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539598942 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539606094 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539638996 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.539648056 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540297031 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540311098 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540374041 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540386915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540426970 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540473938 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540492058 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540529013 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540535927 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540564060 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.540586948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.541974068 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.541990995 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542087078 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542099953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542140007 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542200089 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542217016 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542249918 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542256117 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542283058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542301893 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542689085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542707920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542742014 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542747021 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542762041 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542772055 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542781115 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542800903 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542807102 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542838097 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.542867899 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.543669939 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.543685913 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.543729067 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.543736935 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.543760061 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.543780088 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544311047 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544327974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544375896 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544384003 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544418097 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544728041 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544771910 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544796944 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544825077 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544830084 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544883966 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544883966 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544938087 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.544954062 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.545006037 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.545012951 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.545058012 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.545706034 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.545722008 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.545761108 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.556426048 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.556432009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.556458950 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.556469917 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557682991 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557706118 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557737112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557743073 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557765961 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557766914 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557782888 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557789087 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557801008 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557816029 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.557849884 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558480978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558495998 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558548927 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558556080 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558567047 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558585882 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558593035 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558598995 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558619976 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.558650970 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559146881 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559163094 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559199095 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559206009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559238911 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559257984 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559454918 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559480906 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559549093 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559556007 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.559621096 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560270071 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560286999 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560334921 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560340881 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560350895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560383081 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560389042 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560404062 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.560445070 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561125994 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561142921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561172009 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561180115 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561204910 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561223984 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561454058 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561469078 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561506987 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561513901 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561548948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.561572075 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562084913 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562100887 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562185049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562192917 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562200069 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562220097 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562226057 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562243938 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562247992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562274933 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.562297106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563101053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563117027 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563157082 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563164949 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563198090 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563222885 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563293934 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563309908 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563349962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563355923 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563404083 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.563404083 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564102888 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564120054 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564168930 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564176083 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564203024 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564229965 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564258099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564295053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564316034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564322948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564349890 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564371109 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.564929962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574677944 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574723005 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574747086 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574776888 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574785948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574811935 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574815989 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574847937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574862957 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574867010 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574886084 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574923038 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.574949026 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575002909 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575669050 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575712919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575745106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575751066 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575773954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.575794935 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576513052 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576553106 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576581955 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576586962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576620102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576631069 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576695919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576739073 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576756954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576762915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576788902 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576809883 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576881886 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576929092 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576950073 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576955080 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576981068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.576998949 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577718973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577760935 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577786922 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577791929 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577827930 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577830076 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577851057 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577856064 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577877045 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577879906 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577909946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577919006 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.577934980 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578668118 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578708887 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578711987 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578737020 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578738928 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578777075 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578804970 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578870058 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578912973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578944921 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578948975 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578978062 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.578999996 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579127073 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579170942 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579194069 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579197884 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579227924 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579250097 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579329967 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579371929 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579412937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579417944 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579456091 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.579478025 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580171108 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580212116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580239058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580244064 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580275059 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580295086 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580427885 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580470085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580495119 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580499887 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580542088 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580563068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580914974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580971003 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580987930 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.580991983 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.581022978 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592848063 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592886925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592906952 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592911005 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592936993 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592943907 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.592988014 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.593008041 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.593039989 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.593055010 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.593058109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.593080044 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.593096972 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594345093 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594364882 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594407082 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594410896 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594432116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594441891 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594459057 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594463110 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594470978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594491959 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.594530106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.595761061 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.595798969 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.595820904 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.595825911 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.595859051 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.595885992 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.596071959 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.596091986 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.596124887 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.596129894 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.596188068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.596188068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.597345114 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.597392082 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.597433090 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.597436905 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.597462893 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.597493887 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598529100 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598575115 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598620892 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598628044 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598638058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598673105 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598741055 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598783016 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598805904 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598809958 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598886013 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598951101 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.598992109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.599014044 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.599019051 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.599047899 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.599076033 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.600250006 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.600285053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.600328922 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.600344896 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.600349903 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.600395918 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601125956 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601366043 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601409912 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601428032 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601433992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601478100 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601502895 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601566076 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601612091 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601627111 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601629972 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601658106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.601677895 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.602264881 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.602332115 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.602354050 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.602441072 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.603660107 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604188919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604231119 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604257107 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604262114 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604295015 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604319096 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604382992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604427099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604444981 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.604449987 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620625019 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620647907 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620654106 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620698929 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620718002 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620908976 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620951891 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620973110 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.620976925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.621005058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.621026993 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622215033 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622256041 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622292042 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622297049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622319937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622340918 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622415066 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622456074 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622476101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622481108 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622512102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.622530937 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623790979 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623831987 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623857975 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623862982 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623893023 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623910904 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.623945951 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.624017954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.624031067 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.624075890 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.624099970 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.625751972 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.625793934 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.625824928 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.625829935 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.625868082 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.625983953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626029968 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626065969 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626085997 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626142025 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626281977 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626322031 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626349926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626354933 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626379967 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626411915 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626420021 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626462936 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626475096 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626485109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626521111 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.626537085 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627701998 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627743006 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627773046 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627778053 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627804995 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627824068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627840042 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627887011 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627904892 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627909899 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.627942085 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629039049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629082918 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629117966 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629123926 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629146099 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629163980 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629235029 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629276037 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629314899 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629318953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629331112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.629358053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.630882978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.630929947 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.630965948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.630970955 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631007910 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631102085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631145954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631162882 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631167889 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631201982 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631216049 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631377935 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631418943 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.631450891 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.643949032 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.644062996 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.644104004 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.644118071 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.644123077 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.644161940 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645262003 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645307064 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645334005 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645339012 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645373106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645390987 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645467997 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645513058 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645528078 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645533085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645556927 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.645579100 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646147966 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646193981 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646214962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646219969 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646255970 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646271944 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646462917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646507978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646526098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646532059 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646583080 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.646583080 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.647681952 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.647725105 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.647748947 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.647753954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.647794962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.647995949 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.648041964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.648061037 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.648066044 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.648092031 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.648125887 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649369955 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649418116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649441957 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649446964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649493933 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649512053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649648905 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649698019 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649710894 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649722099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649756908 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.649779081 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650779009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650824070 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650849104 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650854111 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650880098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650897980 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650943995 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.650990009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651012897 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651016951 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651037931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651055098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651216984 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651257992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651285887 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651289940 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651314974 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.651334047 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.652278900 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.652328968 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.652359962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.652364969 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.652404070 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653129101 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653177023 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653203964 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653208971 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653238058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653254986 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653410912 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653455019 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653485060 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653489113 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653518915 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.653537989 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.654458046 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.654500961 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.654530048 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.654535055 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.654561996 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.665642977 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.665672064 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.665676117 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.665699005 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.665712118 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667146921 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667166948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667201996 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667206049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667262077 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667283058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667377949 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667397022 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667428017 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667433023 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667457104 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667469025 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667536974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667565107 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667593956 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667597055 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667620897 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667642117 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667661905 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667691946 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667720079 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667723894 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667751074 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.667768955 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669039011 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669068098 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669102907 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669106960 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669137955 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669162035 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669315100 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669343948 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669415951 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669420958 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669445992 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669459105 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669464111 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669480085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669492006 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669526100 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669529915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669548988 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669564962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669569016 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669596910 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669625998 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669662952 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669692039 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669718027 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669722080 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669749975 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.669768095 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.670963049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.670995951 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671030045 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671034098 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671066999 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671084881 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671144962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671173096 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671200991 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671205044 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671231031 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671258926 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671390057 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671427011 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671449900 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671453953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671482086 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671503067 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671608925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671639919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671658993 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671663046 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671693087 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.671710968 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.672688007 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.672718048 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.672755957 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.672760963 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.672791004 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.672825098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.673038960 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.673069954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.673093081 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.673096895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.673145056 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.673209906 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682523012 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682528019 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682554960 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682579041 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682677984 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682712078 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682727098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682730913 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682758093 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.682780027 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683384895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683420897 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683442116 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683446884 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683485031 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683799028 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683834076 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683885098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683890104 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683918953 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.683938026 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.684911966 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.684946060 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.684978962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.684983969 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685014963 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685034037 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685092926 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685126066 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685143948 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685148001 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685180902 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685203075 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685209990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685228109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685265064 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685267925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685290098 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685300112 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685317039 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685347080 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685439110 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685492992 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685513020 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685548067 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685571909 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685575962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685606003 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.685616016 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.686789036 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.686825991 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.686865091 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.686868906 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.686907053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.686924934 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687016964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687055111 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687073946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687078953 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687114954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687129021 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687138081 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687159061 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687194109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687194109 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687218904 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687228918 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687244892 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687272072 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687335968 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687377930 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687397003 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687402010 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.687436104 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688539982 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688626051 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688628912 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688646078 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688695908 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688816071 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688862085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688874006 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688911915 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688915968 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688956022 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.688966990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689004898 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689028978 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689033985 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689062119 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689080954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689116955 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.689162016 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699527025 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699531078 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699558973 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699579954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699664116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699707031 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699727058 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699732065 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699760914 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699779987 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699879885 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699922085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699939966 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699944973 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.699992895 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700042009 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700084925 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700112104 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700117111 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700143099 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700162888 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700182915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700229883 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700839043 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700884104 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700908899 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700912952 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700941086 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.700958967 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701262951 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701303959 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701337099 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701340914 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701368093 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701385021 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701446056 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701488972 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701503992 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701508045 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701550007 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701561928 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701657057 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701699972 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701715946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701726913 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701752901 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.701771975 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703075886 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703119040 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703130007 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703140974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703166008 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703192949 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703301907 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703342915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703366995 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703372002 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703380108 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703403950 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.703418016 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.704776049 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.704817057 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.704859018 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.704863071 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.704889059 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.704916954 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.705029964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.705074072 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.705096960 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.705101013 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.705137014 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.705137014 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706091881 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706137896 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706166029 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706170082 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706206083 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706223965 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706301928 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706341982 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706362009 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706367016 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706398964 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.706417084 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.707904100 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.707943916 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.707990885 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.707994938 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.708025932 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.708045959 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.708151102 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.708189964 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.708225965 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.724710941 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.724729061 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.724735022 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.724766016 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.724786043 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726075888 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726134062 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726161003 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726166010 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726197958 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726217985 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726423979 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726469040 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726483107 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726492882 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726525068 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.726550102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728132963 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728182077 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728199959 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728205919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728240967 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728260040 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728384018 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728424072 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728439093 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728444099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.728480101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.729676008 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.729717970 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.729746103 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.729751110 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.729782104 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.729806900 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.730026007 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.730072021 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.730087042 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.730099916 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.730134010 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.730165958 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731268883 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731313944 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731352091 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731355906 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731384993 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731409073 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731432915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731475115 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731489897 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731494904 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731525898 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.731544018 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732532978 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732573986 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732594967 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732599974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732635021 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732654095 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732733965 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732778072 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732799053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732803106 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732830048 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.732847929 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733608961 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733653069 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733678102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733681917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733710051 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733727932 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733880997 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733927965 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733958006 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733962059 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.733988047 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.734008074 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735502005 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735544920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735580921 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735584974 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735625029 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735714912 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735755920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735776901 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735781908 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735811949 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.735830069 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.737195015 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.737236023 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.737272024 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.737286091 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.737308979 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.737323999 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.750252962 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.750257969 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.750289917 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.750329018 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751341105 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751384020 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751403093 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751409054 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751441002 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751460075 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751544952 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751605034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751607895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751631021 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.751662970 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753192902 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753233910 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753261089 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753264904 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753294945 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753314018 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753930092 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753973007 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753988028 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.753993988 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754029989 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754049063 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754189968 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754230976 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754255056 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754259109 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754286051 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754303932 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754371881 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754415035 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754434109 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754439116 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.754472971 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755142927 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755184889 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755201101 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755206108 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755243063 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755413055 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755453110 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755472898 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755476952 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755508900 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.755520105 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756582022 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756622076 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756640911 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756645918 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756681919 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756701946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756717920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756764889 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756783009 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756788015 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756817102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.756838083 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757807970 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757850885 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757858038 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757899046 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757903099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757925034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.757941961 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758354902 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758400917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758419991 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758424997 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758460999 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758472919 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758765936 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758805990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758832932 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758836985 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758869886 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758891106 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758919954 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758963108 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758980036 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.758985996 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.759051085 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760149002 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760189056 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760215044 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760219097 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760247946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760268927 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760296106 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.760344982 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.774104118 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.774126053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.774131060 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.774158001 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.774175882 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775182962 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775223017 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775254965 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775259018 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775293112 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775314093 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775319099 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775343895 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775377989 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775392056 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775404930 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775413990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775445938 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775487900 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775635004 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775686979 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775719881 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775719881 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775727034 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775738955 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775777102 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775801897 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775840998 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775871038 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775875092 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775907993 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775922060 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.775958061 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.776001930 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.776027918 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.776031971 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.776062965 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.776083946 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.776999950 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.777043104 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.777081013 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.777086020 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.777112961 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.777133942 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778047085 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778089046 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778115034 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778120041 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778147936 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778176069 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778322935 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778368950 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778389931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778394938 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778422117 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778439999 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778518915 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778567076 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778583050 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778587103 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778621912 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.778642893 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780111074 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780153990 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780180931 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780185938 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780213118 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780230999 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780301094 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780340910 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780364990 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780369043 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780394077 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780414104 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780556917 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780600071 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780625105 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780628920 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780657053 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780674934 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780762911 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780810118 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780824900 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780829906 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.780863047 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782337904 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782383919 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782408953 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782413960 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782439947 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782459021 CET49732443192.168.2.918.67.65.20
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782629967 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Feb 5, 2024 16:10:48.782672882 CET4434973218.67.65.20192.168.2.9
                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            0192.168.2.949708161.35.127.1814437068C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-02-05 15:10:38 UTC243OUTGET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&evt_src=installer&evt_action=mini_start&version=&defaultbrowser=default HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-02-05 15:10:38 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:38 GMT
                                                                                                                                                                                                                                            Content-Type: image/gif
                                                                                                                                                                                                                                            Content-Length: 42
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:10:38 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                            Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49710 | 172.217.215.102 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:43 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                                                                                                            Host: clients2.google.com
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            X-Goog-Update-Interactivity: fg
                                                                                                                                                                                                                                            X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                                                                                                                                                                                                                            X-Goog-Update-Updater: chromecrx-117.0.5938.134
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-02-05 15:10:43 UTC | 732 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-YMZ9ig8_D9NUBOsi37sM4w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:43 GMT
                                                                                                                                                                                                                                            Content-Type: text/xml; charset=UTF-8
                                                                                                                                                                                                                                            X-Daynum: 6244
                                                                                                                                                                                                                                            X-Daystart: 25843
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            Server: GSE
                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-02-05 15:10:43 UTC | 520 | IN
                                                                                                                                                                                                                                            Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6244" elapsed_seconds="25843"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-05 15:10:43 UTC | 200 | IN
                                                                                                                                                                                                                                            Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-05 15:10:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49711 | 74.125.138.84 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:43 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                                                                                                                                                                                                            Host: accounts.google.com
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            Content-Length: 1
                                                                                                                                                                                                                                            Origin: https://www.google.com
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            Cookie: NID=511=k9tT3q7Yfh1nx_FSl06F5UE_vdaFQreiGKe1aDN83MeveD7PL1RZXva4s-nFc9waQi9LtKavuTIba8MUkoGu58E8E81gwB_TWJ4Ng-LfCvzhem7rNrhZQ2aGvJZ9g2TYhqx2W2O4E7uHQzPk3vuLvMLxFXZsqE6NdAViQDECGpo
2024-02-05 15:10:43 UTC | 1 | OUT | Data Raw: 20
                                                                                                                                                                                                                                            Data Ascii:
2024-02-05 15:10:43 UTC | 1799 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                            Access-Control-Allow-Origin: https://www.google.com
                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:43 GMT
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-piA5Y7DBvrAPY6jzI9_l_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                                            Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                            reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw0pBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6Oz1-a17EJXPj74S8TALw2GLg"
                                                                                                                                                                                                                                            Server: ESF
                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-02-05 15:10:43 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 11["gaia.l.a.r",[]]
2024-02-05 15:10:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49715 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:43 UTC | 711 | OUT | GET /installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                            Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                            Sec-Fetch-User: ?1
                                                                                                                                                                                                                                            Sec-Fetch-Dest: document
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            2024-02-05 15:10:44 UTC349INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:43 GMT
                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                            Content-Length: 266
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:10:44 UTC | 266 | IN
Data Ascii: <html> <script src="src/main_code.js?t=20171020"></script> <script> ft('startInstall'); window.setTimeout(function(){ window.location.href = 'installing2.html'+window.location.search; },200); </scri


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49714 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:44 UTC | 591 | OUT | GET /src/main_code.js?t=20171020 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-05 15:10:44 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 15:10:44 GMT
Content-Type: application/javascript
Content-Length: 9719
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:10:44 UTC | 9719 | IN
Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49717 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:44 UTC | 819 | OUT | GET /installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707145843760178
2024-02-05 15:10:44 UTC | 350 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 15:10:44 GMT
Content-Type: text/html
Content-Length: 2700
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:10:44 UTC | 2700 | IN
Data Ascii: <html><head><script type="text/javascript" src="assets/plugins/jquery-3.5.1.min.js"></script> <title>Installing Fast!</title> <link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet'><style>body {font-family: 'Open San


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49716 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:44 UTC | 699 | OUT | POST /api/api.php HTTP/1.1
Host: veryfast.io
Connection: keep-alive
Content-Length: 62
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://veryfast.io
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707145843760178
2024-02-05 15:10:44 UTC | 62 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 22 2c 22 61 22 3a 22 74 72 69 67 67 65 72 22 2c 22 70 22 3a 7b 22 74 22 3a 22 73 74 61 72 74 49 6e 73 74 61 6c 6c 22 2c 22 77 73 22 3a 74 72 75 65 7d 7d
Data Ascii: {"c":"front","a":"trigger","p":{"t":"startInstall","ws":true}}
                                                                                                                                                                                                                                            2024-02-05 15:10:44 UTC341INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:44 GMT
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                            2024-02-05 15:10:44 UTC75INData Raw: 34 30 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 5c 22 73 74 61 72 74 49 6e 73 74 61 6c 6c 20 2d 20 65 6d 70 74 79 5c 22 29 3b 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 40{"state":"ok","result":"console.log(\"startInstall - empty\");"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49718 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:44 UTC | 861 | OUT | GET /pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1707145843767&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.0.0%20Safari/537.36 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707145843760178


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 49719 | 161.35.127.181 | 443 | 7068 | C:\Users\user\Desktop\Setup (1).exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:44 UTC | 183 | OUT | GET /download.php?engine=1&guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 15:10:45 UTC | 375 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Mon, 05 Feb 2024 15:10:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Location: https://repcdn.veryfast.io/download/2.305/SetupEngine.exe
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:10:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 49721 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:45 UTC | 631 | OUT | GET /assets/plugins/jquery-3.5.1.min.js HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707145843760178
2024-02-05 15:10:45 UTC | 364 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 15:10:45 GMT
Content-Type: application/javascript
Content-Length: 89476
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 49720 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:45 UTC | 672 | OUT | GET /images/fast.png HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707145843760178
2024-02-05 15:10:45 UTC | 279 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 15:10:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://repository.pcapp.store/pcapp/images/fast.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-02-05 15:10:45 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49723 | 89.187.173.22 | 443 | 7068 | C:\Users\user\Desktop\Setup (1).exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:45 UTC | 157 | OUT | GET /download/2.305/SetupEngine.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Connection: Keep-Alive
Cache-Control: no-cache
Host: repcdn.veryfast.io
2024-02-05 15:10:45 UTC | 737 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 15:10:45 GMT
Content-Type: application/x-msdownload
Content-Length: 3208568
Connection: close
x-amz-id-2: Vm9kUAg8Xa6Of9kO2q7B2QUO3av8pnxIpA+Ja55SxcuaUXW5E1BZVgT25Fl265ELRCjoqy05AC73OL7QsgHkFhp59Fgmihz4cmy/gAvq+Ns=
x-amz-request-id: 10GWEW027KRDEM9C
Last-Modified: Fri, 17 Nov 2023 10:37:38 GMT
ETag: "6adc1c797360abee521cac2019130184"
x-amz-server-side-encryption: AES256
x-amz-version-id: V82NUOJ7aeDIpt943Zx5Ic8vQUzQPDad
X-77-NZT: EggBWbutFQFBDAGckjvoAfd+MgMA
X-77-NZT-Ray: 256bf619af6df77075fac065e4c22e2e
X-Accel-Expires: @1707973111
X-Accel-Date: 1706936311
X-77-Cache: HIT
X-77-Age: 209534
Server: CDN77-Turbo
X-Cache-LB: MISS
X-77-POP: miamiUSFL
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 49727 | 37.19.206.5 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:45 UTC | 598 | OUT | GET /pcapp/images/fast.png HTTP/1.1
                                                                                                                                                                                                                                            Host: repository.pcapp.store
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: image
                                                                                                                                                                                                                                            Referer: https://veryfast.io/
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-02-05 15:10:46 UTC | 742 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:46 GMT
                                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                                            Content-Length: 675
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            x-amz-id-2: PsMgB5ZerazVUf0wf+tDMNk6U+XiqfjxU/sslsY4GXbaALcSBcU+Ehx31kv+FFF8KbPM69qw5gvWgkNIZYe+GL+9M0Wa8mX+EhyQRshTf/8=
                                                                                                                                                                                                                                            x-amz-request-id: F1P1BKV072T6T9D6
                                                                                                                                                                                                                                            Last-Modified: Wed, 06 Sep 2023 14:24:13 GMT
                                                                                                                                                                                                                                            ETag: "8d1ed092b3be364dc47574f1310d2c87"
                                                                                                                                                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                            x-amz-version-id: HQ57thsBQ1PGxyZzPkfpq8dFWC9.D1Yj
                                                                                                                                                                                                                                            X-77-NZT: AiUTzgQ3Nzf/R8QAAJySO983NzfvT/IJAA
                                                                                                                                                                                                                                            X-77-NZT-Ray: 8e305f1ca8c7097876fac065a0d5d903
                                                                                                                                                                                                                                            X-Accel-Expires: @1708096837
                                                                                                                                                                                                                                            X-Accel-Date: 1707095599
                                                                                                                                                                                                                                            X-77-Cache: HIT
                                                                                                                                                                                                                                            X-77-Age: 702102
                                                                                                                                                                                                                                            Server: CDN77-Turbo
                                                                                                                                                                                                                                            X-Cache-LB: HIT
                                                                                                                                                                                                                                            X-Age-LB: 50247
                                                                                                                                                                                                                                            X-77-POP: ashburnUSVA
                                                                                                                                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 49728 | 89.187.173.11 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:46 UTC | 367 | OUT | GET /pcapp/images/fast.png HTTP/1.1
                                                                                                                                                                                                                                            Host: repository.pcapp.store
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-02-05 15:10:46 UTC | 719 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:46 GMT
                                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                                            Content-Length: 675
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            x-amz-id-2: 7rAIYxFY8BaphtQ3eHnjSz6J/DX/TGZYnP/BN1+L7rZ/Dw0flWn/jRP8Tq3it02UBdpuYaRRokGp2ezHBFnf9w==
                                                                                                                                                                                                                                            x-amz-request-id: JKY7YN1B0XR6V7K2
                                                                                                                                                                                                                                            Last-Modified: Wed, 06 Sep 2023 14:24:13 GMT
                                                                                                                                                                                                                                            ETag: "8d1ed092b3be364dc47574f1310d2c87"
                                                                                                                                                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                            x-amz-version-id: HQ57thsBQ1PGxyZzPkfpq8dFWC9.D1Yj
                                                                                                                                                                                                                                            X-77-NZT: EgwBWbutCgH3KiwBAAwBuTvfFAH3ByMAAA
                                                                                                                                                                                                                                            X-77-NZT-Ray: 596cea2e6de90e3576fac065c36b532d
                                                                                                                                                                                                                                            X-Accel-Expires: @1708096837
                                                                                                                                                                                                                                            X-Accel-Date: 1707069004
                                                                                                                                                                                                                                            X-77-Cache: HIT
                                                                                                                                                                                                                                            X-77-Age: 85809
                                                                                                                                                                                                                                            Server: CDN77-Turbo
                                                                                                                                                                                                                                            X-Cache-LB: HIT
                                                                                                                                                                                                                                            X-Age-LB: 76842
                                                                                                                                                                                                                                            X-77-POP: miamiUSFL
                                                                                                                                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 49729 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:46 UTC | 668 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                            Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: image
                                                                                                                                                                                                                                            Referer: https://veryfast.io/installing2.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            Cookie: _fcid=1707145843760178
2024-02-05 15:10:47 UTC | 307 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:46 GMT
                                                                                                                                                                                                                                            Content-Type: image/x-icon
                                                                                                                                                                                                                                            Content-Length: 5430
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49731 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:10:47 UTC | 378 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            Cookie: _fcid=1707145843760178
                                                                                                                                                                                                                                            2024-02-05 15:10:47 UTC | 307 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:47 GMT
                                                                                                                                                                                                                                            Content-Type: image/x-icon
                                                                                                                                                                                                                                            Content-Length: 5430
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                            16 | 192.168.2.9 | 49732 | 18.67.65.20 | 443 | 7068 | C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                            2024-02-05 15:10:47 UTC | 165 | OUT | GET /download/SetupResources.exe HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: d1uyoz7mfvzv4e.cloudfront.net
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-02-05 15:10:47 UTC | 552 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Content-Type: application/x-msdownload
                                                                                                                                                                                                                                            Content-Length: 55410880
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Last-Modified: Tue, 30 Aug 2022 22:38:00 GMT
                                                                                                                                                                                                                                            x-amz-version-id: h9p.op9tD94uGxrDnBs9nCjFXcAvGcy0
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 14:56:26 GMT
                                                                                                                                                                                                                                            ETag: "39dff10c7fa51cd63a02862323bb6b41-4"
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                            Via: 1.1 920629f47fa586ce02a1a1af8b626578.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                            X-Amz-Cf-Pop: IAD89-P1
                                                                                                                                                                                                                                            X-Amz-Cf-Id: XWI7iETxdCU6q2OeIPFO8AzV9SIfFX-vc6TGGO1M94GgOH7uQKbZcA==
                                                                                                                                                                                                                                            Age: 862


                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                            17 | 192.168.2.9 | 49738 | 20.114.59.183 | 443
                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                            2024-02-05 15:10:55 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MbwS1Ykxbhl75RS&MD=XODwZGn4 HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                            Host: slscr.update.microsoft.com
                                                                                                                                                                                                                                            2024-02-05 15:10:56 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                                                                            MS-CorrelationId: 33e6d0b4-8a0a-42a0-a5b3-86830e83ab07
                                                                                                                                                                                                                                            MS-RequestId: 90c0a744-47fb-457c-98b0-282e5ff14918
                                                                                                                                                                                                                                            MS-CV: ZlMOwXEZzU2QImw+.0
                                                                                                                                                                                                                                            X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:55 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Content-Length: 24490


                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                            18 | 192.168.2.9 | 49740 | 23.206.229.209 | 443
                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                            2024-02-05 15:10:56 UTC | 2223 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                                                                                                                                                                                                                            Origin: https://www.bing.com
                                                                                                                                                                                                                                            Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                                            Content-type: text/xml
                                                                                                                                                                                                                                            X-Agent-DeviceId: 01000A4109008071
                                                                                                                                                                                                                                            X-BM-CBT: 1696497265
                                                                                                                                                                                                                                            X-BM-DateFormat: dd/MM/yyyy
                                                                                                                                                                                                                                            X-BM-DeviceDimensions: 784x984
                                                                                                                                                                                                                                            X-BM-DeviceDimensionsLogical: 784x984
                                                                                                                                                                                                                                            X-BM-DeviceScale: 100
                                                                                                                                                                                                                                            X-BM-DTZ: 60
                                                                                                                                                                                                                                            X-BM-Market: CH
                                                                                                                                                                                                                                            X-BM-Theme: 000000;0078d7
                                                                                                                                                                                                                                            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                                                                                                            X-Device-ClientSession: 3967AB70E8E74431908B580AED7E67B3
                                                                                                                                                                                                                                            X-Device-isOptin: false
                                                                                                                                                                                                                                            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                                                                                                            X-Device-OSSKU: 48
                                                                                                                                                                                                                                            X-Device-Touch: false
                                                                                                                                                                                                                                            X-DeviceID: 01000A4109008071
                                                                                                                                                                                                                                            X-MSEdge-ExternalExp: bfbwsbghf928t,bfbwsbrs0830tf,d-thshldspcl40,fliptrac6,optfsc,spofglclickserpf2,wsbqfasmsall_t,wsbqfminiserp600,wsbref-c
                                                                                                                                                                                                                                            X-MSEdge-ExternalExpType: JointCoord
                                                                                                                                                                                                                                            X-PositionerType: Desktop
                                                                                                                                                                                                                                            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                                                                                                                                            X-Search-CortanaAvailableCapabilities: None
                                                                                                                                                                                                                                            X-Search-SafeSearch: Moderate
                                                                                                                                                                                                                                            X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time
                                                                                                                                                                                                                                            X-UserAgeClass: Unknown
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                            Host: www.bing.com
                                                                                                                                                                                                                                            Content-Length: 516
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Cookie: SRCHUID=V=2&GUID=507B984BF29F418EA13B8912FCE289B0&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696497029183&IPMH=5c67ba25&IPMID=1696497265539&HV=1696497179; CortanaAppUID=D36DDDF07E1B512856780840298B626F; MUID=531305E83CE64DE088676FE94B9682C4; _SS=SID=3314E043C3866D730FEDF3E2C2436C30&CPID=1696497266478&AC=1&CPH=c11e7441; _EDGE_S=SID=3314E043C3866D730FEDF3E2C2436C30; MUIDB=531305E83CE64DE088676FE94B9682C4
                                                                                                                                                                                                                                            2024-02-05 15:10:56 UTC | 1 | OUT | Data Raw: 3c
                                                                                                                                                                                                                                            Data Ascii: <
                                                                                                                                                                                                                                            2024-02-05 15:10:56 UTC | 515 | OUT | Data Ascii: ClientInstRequest><CID>531305E83CE64DE088676FE94B9682C4</CID><Events><E><T>Event.ClientInst</T><IG>829FCEE88A524F41943F335B832D1A47</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                                                                                                                                                                                                                            2024-02-05 15:10:57 UTC | 476 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: EAE87393EBE940B7B763D035D7C5AF18 Ref B: PAOEDGE0613 Ref C: 2024-02-05T15:10:57Z
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:57 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=93600
                                                                                                                                                                                                                                            X-CDN-TraceID: 0.d1d7ce17.1707145857.c97ea5e2


                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                            19 | 192.168.2.9 | 49741 | 161.35.127.181 | 443 | 8096 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                            2024-02-05 15:10:57 UTC | 238 | OUT | GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=start&channelId= HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-02-05 15:10:58 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:58 GMT
                                                                                                                                                                                                                                            Content-Type: image/gif
                                                                                                                                                                                                                                            Content-Length: 42
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                            2024-02-05 15:10:58 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                            Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                            20 | 192.168.2.9 | 49742 | 161.35.127.181 | 443 | 8096 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                            2024-02-05 15:10:58 UTC | 232 | OUT | GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=installing HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-02-05 15:10:58 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:10:58 GMT
                                                                                                                                                                                                                                            Content-Type: image/gif
                                                                                                                                                                                                                                            Content-Length: 42
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                            2024-02-05 15:10:58 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                            Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 49743 | 161.35.127.181 | 443 | 8096 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:17 UTC | 793 | OUT | GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-02-05 15:11:17 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:17 GMT
                                                                                                                                                                                                                                            Content-Type: image/gif
                                                                                                                                                                                                                                            Content-Length: 42
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:11:17 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                            Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 49744 | 161.35.127.181 | 443 | 8096 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:17 UTC | 760 | OUT | GET /register.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&ch=&version=2.305&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DHYWL2S&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=VPM8HCDF%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-02-05 15:11:18 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:18 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Content-Length: 29
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:11:18 UTC | 29 | IN | Data Raw: 30 2c 30 2c 30 2c 31 2c 32 2c 36 34 2c 32 2c 35 2c 32 35 36 2c 31 2c 32 2c 36 34 2c 31
                                                                                                                                                                                                                                            Data Ascii: 0,0,0,1,2,64,2,5,256,1,2,64,1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 49746 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:28 UTC | 748 | OUT | GET /installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid= HTTP/1.1
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                            Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                            Sec-Fetch-User: ?1
                                                                                                                                                                                                                                            Sec-Fetch-Dest: document
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            Cookie: _fcid=1707145843760178
2024-02-05 15:11:28 UTC | 349 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:28 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:11:28 UTC | 13611 | IN | Data Raw: 31 66 32 37 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 72 63 2f 69 6e 69 74 69 61 74 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 61 73 74 21 20 49 6e 73 74 61 6c 6c 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 20 53 61 6e 73 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 3e 0a 09 3c 73 74 79 6c 65 3e 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4f 70 65 6e 20 53 61 6e 73 27 3b 0a 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 09 09 63 6f 6c 6f 72 3a 20
                                                                                                                                                                                                                                            Data Ascii: 1f27<html><head> <script src="src/initiate.js"></script> <title>Fast! Installed</title> <link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet'><style>body {font-family: 'Open Sans';font-size: 12px;color:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 49745 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:28 UTC | 616 | OUT | GET /src/initiate.js HTTP/1.1
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                                                                                                                            Referer: https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            Cookie: _fcid=1707145843760178
2024-02-05 15:11:28 UTC | 314 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:28 GMT
                                                                                                                                                                                                                                            Content-Type: application/javascript
                                                                                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 49747 | 161.35.127.181 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:28 UTC | 623 | OUT | GET /src/main.js?t=20171020 HTTP/1.1
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                                                                                                                            Referer: https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                            Cookie: _fcid=1707145843760178
                                                                                                                                                                                                                                            2024-02-05 15:11:28 UTC362INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:28 GMT
                                                                                                                                                                                                                                            Content-Type: application/javascript
                                                                                                                                                                                                                                            Content-Length: 591
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                            2024-02-05 15:11:28 UTC591INData Raw: 69 66 20 28 20 74 79 70 65 6f 66 28 70 69 78 65 6c 45 76 65 6e 74 29 20 21 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 29 20 7b 0a 20 20 20 20 76 61 72 20 73 31 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 2c 73 30 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 0a 20 20 20 20 73 31 2e 73 72 63 3d 27 2f 73 72 63 2f 6d 61 69 6e 5f 63 6f 64 65 2e 6a 73 27 3b 0a 20 20 20 20 73 30 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 73 31 2c 73 30 29 3b 0a 7d 0a 0a 0a 2f 2f 20 2d 2d 2d 20 41 64 64 65 64 20 63 75 72 72 65 6e 74 20 79 65 61 72 20 2d 2d 2d 20 2f 2f 0a 66 75 6e 63 74 69 6f 6e 20 72 65 6e 64 65
                                                                                                                                                                                                                                            Data Ascii: if ( typeof(pixelEvent) != 'function' ) { var s1=document.createElement("script"),s0=document.getElementsByTagName("script")[0]; s1.src='/src/main_code.js'; s0.parentNode.insertBefore(s1,s0);}// --- Added current year --- //function rende


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.9 | 49748 | 161.35.127.181 | 443 | 8096 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:28 UTC | 226 | OUT | GET /pixel.gif?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=&version=2.305&evt_src=installer&evt_action=done HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 15:11:28 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 15:11:28 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:11:28 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.9 | 49749 | 31.13.65.7 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:28 UTC | 532 | OUT | GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-05 15:11:29 UTC | 1997 | IN | HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
document-policy: force-load-at-top
permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Pragma: public
Cache-Control: public, max-age=1200
Expires: Sat, 01 Jan 2000 00:00:00 GMT
2024-02-05 15:11:29 UTC | 390 | IN | Data Ascii:
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Frame-Options: DENY
origin-agent-cluster: ?0
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
X-FB-Debug: 0anja+y2VsrtH16vKHd2l1z1WhLZEdctlWeP3QWRN/KI9iUA2mwmt+xSuvOL9MHo0vM
2024-02-05 15:11:29 UTC | 1110 | IN | Data Ascii:
/**
* Copyright (c) 2017-present, Facebook, Inc. All rights reserved.
*
* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,
* copy, modify, and distribute this software in source code or binary form for use
* in connection wi
                                                                                                                                                                                                                                            Data Ascii: his,a),this._waitHandle=null,this._data=[],this._cb=b}h(a,[{key:"addToBatch",value:function(a){var b=this;this._waitHandle==null&&(this._waitHandle=g.setTimeout(function(){b._waitHandle=null,b.forceEndBatch()},e()));this._data.push(a);this._data.length>=d
                                                                                                                                                                                                                                            2024-02-05 15:11:29 UTC1500INData Raw: 72 74 73 3a 7b 7d 7d 3b 6b 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 79 70 65 64 22 29 2c 62 3d 61 2e 54 79 70 65 64 3b 61 2e 63 6f 65 72 63 65 3b 61 3d 62 2e 6f 62 6a 65 63 74 57 69 74 68 46 69 65 6c 64 73 28 7b 63 63 52 75 6c 65 73 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 61 72 72 61 79 4f 66 28 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 6f 62 6a 65 63 74 57 69 74 68 46 69 65 6c 64 73 28 7b 69 64 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 73 74 72 69 6e 67 4f 72 4e 75 6d 62 65 72 28 29 29 2c 72 75 6c 65 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 6f 62 6a 65
                                                                                                                                                                                                                                            Data Ascii: rts:{}};k.exports;(function(){"use strict";var a=f.getFbeventsModules("SignalsFBEventsTyped"),b=a.Typed;a.coerce;a=b.objectWithFields({ccRules:b.allowNull(b.arrayOf(b.allowNull(b.objectWithFields({id:b.allowNull(b.stringOrNumber()),rule:b.allowNull(b.obje
                                                                                                                                                                                                                                            2024-02-05 15:11:29 UTC526INData Raw: 76 61 72 20 6b 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6b 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 79 70 65 64 22 29 2c 62 3d 61 2e 54 79 70 65 64 2c 63 3d 61 2e 63 6f 65 72 63 65 2c 64 3d 61 2e 65 6e 66 6f 72 63 65 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 65 3d 63 28 61 2c 62 2e 6f 62 6a 65 63 74 57 69 74 68 46 69 65 6c 64 73 28 7b 6d 61 78 5f 62 61 74 63 68 5f 73 69 7a 65 3a 62 2e 6e 75 6d 62 65 72 28 29 2c 77 61 69 74 5f 74 69 6d 65 5f 6d 73 3a 62 2e 6e 75 6d 62 65 72 28 29 7d 29 29 3b 72 65 74 75 72 6e 20 65 21 3d 6e 75 6c 6c 3f 7b 62 61 74 63
                                                                                                                                                                                                                                            Data Ascii: var k={exports:{}};k.exports;(function(){"use strict";var a=f.getFbeventsModules("SignalsFBEventsTyped"),b=a.Typed,c=a.coerce,d=a.enforce,e=function(a){var e=c(a,b.objectWithFields({max_batch_size:b.number(),wait_time_ms:b.number()}));return e!=null?{batc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.9 | 49750 | 161.35.127.181 | 443 | 7068 | C:\Users\user\Desktop\Setup (1).exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:29 UTC | 169 | OUT | GET /cpg.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019 HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                            Host: veryfast.io
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-02-05 15:11:29 UTC | 349 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:29 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 15:11:29 UTC | 17 | IN | Data Raw: 37 0d 0a 64 65 66 61 75 6c 74 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 7default0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.9 | 49751 | 20.114.59.183 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:11:33 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MbwS1Ykxbhl75RS&MD=XODwZGn4 HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                            Host: slscr.update.microsoft.com
2024-02-05 15:11:34 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                            ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                                                            MS-CorrelationId: 14d232d9-a662-4388-befd-a98e29fbf43a
                                                                                                                                                                                                                                            MS-RequestId: e6f0d2f6-060a-48de-a158-a184409c4e1d
                                                                                                                                                                                                                                            MS-CV: 0ypvIphNHEWBYij0.0
                                                                                                                                                                                                                                            X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:11:33 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Content-Length: 25457


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.9 | 49757 | 74.125.138.139 | 443 | 2024 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 15:12:12 UTC | 449 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000005B80EA71B9 HTTP/1.1
                                                                                                                                                                                                                                            Host: clients1.google.com
                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
2024-02-05 15:12:12 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-oFzo-9YXm_gAPzxrFdrJyg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-L0RQ0Oa1i7KkpQIf8TpStQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                            Content-Length: 219
                                                                                                                                                                                                                                            Date: Mon, 05 Feb 2024 15:12:12 GMT
                                                                                                                                                                                                                                            Expires: Mon, 05 Feb 2024 15:12:12 GMT
                                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            Server: GSE
                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                            Connection: close
2024-02-05 15:12:12 UTC | 219 | IN | Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 61 33 33 39 63 61 64 0a
                                                                                                                                                                                                                                            Data Ascii: rlzC1: 1C1ONGR_enUS1096rlzC2: 1C2ONGR_enUS1096rlzC7: 1C7ONGR_enUS1096dcc: set_dcc: C1:1C1ONGR_enUS1096,C2:1C2ONGR_enUS1096,C7:1C7ONGR_enUS1096events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: a339cad



                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                            Start time:16:10:36
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:142'536 bytes
                                                                                                                                                                                                                                            MD5 hash:EC427B1BF867DC6FDFDFC2B5219F44DE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                            Start time:16:10:41
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=3BC72742-A345-A4E4-61BC-197C285C1019
                                                                                                                                                                                                                                            Imagebase:0x7ff6b2cb0000
                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                                            Start time:16:10:41
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                            Imagebase:0x7ff77afe0000
                                                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                                            Start time:16:10:41
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,11089183741404647091,17360346966721708215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                            Imagebase:0x7ff6b2cb0000
                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                                                            Start time:16:10:56
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:3'208'568 bytes
                                                                                                                                                                                                                                            MD5 hash:6ADC1C797360ABEE521CAC2019130184
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 38%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                            Start time:16:10:58
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
                                                                                                                                                                                                                                            Imagebase:0xc50000
                                                                                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                            Start time:16:10:58
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                                            Start time:16:10:58
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\diskspd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
                                                                                                                                                                                                                                            Imagebase:0x2b0000
                                                                                                                                                                                                                                            File size:144'688 bytes
                                                                                                                                                                                                                                            MD5 hash:FC41CABDD3C18079985AC5F648F58A90
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                                            Start time:16:11:20
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:55'410'880 bytes
                                                                                                                                                                                                                                            MD5 hash:884E1463B4CB20B28C3A80960E02AC2D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 5%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                                            Start time:16:11:27
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=3BC72742-A345-A4E4-61BC-197C285C1019&_fcid=
                                                                                                                                                                                                                                            Imagebase:0x7ff6b2cb0000
                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                                                            Start time:16:11:27
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\FastSRV.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Program Files (x86)\Fast!\FastSRV.exe
                                                                                                                                                                                                                                            Imagebase:0x190000
                                                                                                                                                                                                                                            File size:98'648 bytes
                                                                                                                                                                                                                                            MD5 hash:B8AF4E4DFAB89560361DDB94353E7E06
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 4%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                                            Start time:16:11:27
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Program Files (x86)\fast!\fast!.exe
                                                                                                                                                                                                                                            Imagebase:0x930000
                                                                                                                                                                                                                                            File size:1'983'320 bytes
                                                                                                                                                                                                                                            MD5 hash:3F2669BA4BA457B6F5B0F3CD949F1FDB
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                                            Start time:16:11:27
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1980,i,18441206573575363989,16074251699852785128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                            Imagebase:0x7ff6b2cb0000
                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                                            Start time:16:11:28
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Program Files (x86)\Fast!\Fast!.exe
                                                                                                                                                                                                                                            Imagebase:0x930000
                                                                                                                                                                                                                                            File size:1'983'320 bytes
                                                                                                                                                                                                                                            MD5 hash:3F2669BA4BA457B6F5B0F3CD949F1FDB
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                            Start time:16:11:29
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:4'127'368 bytes
                                                                                                                                                                                                                                            MD5 hash:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 4%, ReversingLabs
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                                            Start time:16:11:29
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2cc,0x2d0,0x2d4,0x1d0,0x2d8,0x6b6d693c,0x6b6d694c,0x6b6d695c
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:4'127'368 bytes
                                                                                                                                                                                                                                            MD5 hash:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                                            Start time:16:11:30
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --service-pipe-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=493E2991BBDAC7F9EF4ED5A8FE164F46 --renderer-client-id=2 --mojo-platform-channel-handle=2340 /prefetch:1
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:4'127'368 bytes
                                                                                                                                                                                                                                            MD5 hash:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                                                            Start time:16:11:35
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=143610A8428963D92794C8A7F12585F7 --mojo-platform-channel-handle=2932 /prefetch:2
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:4'127'368 bytes
                                                                                                                                                                                                                                            MD5 hash:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                                                            Start time:16:11:37
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Program Files (x86)\fast!\fast!.exe
                                                                                                                                                                                                                                            Imagebase:0x930000
                                                                                                                                                                                                                                            File size:1'983'320 bytes
                                                                                                                                                                                                                                            MD5 hash:3F2669BA4BA457B6F5B0F3CD949F1FDB
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                                                            Start time:16:12:15
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=3CCEF8E9E7D4F212DACB2716CD2DD08A --mojo-platform-channel-handle=2904 /prefetch:8
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:4'127'368 bytes
                                                                                                                                                                                                                                            MD5 hash:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                                                            Start time:16:12:31
                                                                                                                                                                                                                                            Start date:05/02/2024
                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2332,2685419300177555581,1968442610854421918,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=B8E23F7305B463E8EB7E1F3EC3CAABAD --mojo-platform-channel-handle=2900 /prefetch:8
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:4'127'368 bytes
                                                                                                                                                                                                                                            MD5 hash:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:26.8%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:22.1%
                                                                                                                                                                                                                                              Total number of Nodes:1276
                                                                                                                                                                                                                                              Total number of Limit Nodes:41
2928->2894 2928->2900 2928->2910 2928->2927 2928->2930 2942 403e5d 2928->2942 2931 403d75 2929->2931 2929->2938 2932 403e5d 19 API calls 2931->2932 2933 403d80 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 2932->2933 2934 401389 2 API calls 2933->2934 2935 403dc6 2934->2935 2935->2930 2936 403dce ShowWindow 2935->2936 2937 403ea9 SendMessageA 2936->2937 2937->2938 2938->2897 2938->2930 2940 403ec1 2939->2940 2941 403eb2 SendMessageA 2939->2941 2940->2928 2941->2940 2943 405bc3 18 API calls 2942->2943 2944 403e68 SetDlgItemTextA 2943->2944 2944->2913 2945->2917 2946->2920 2947->2923 2950 401390 2948->2950 2949 4013fe 2949->2928 2950->2949 2951 4013cb MulDiv SendMessageA 2950->2951 2951->2950 2953 401389 2 API calls 2952->2953 2954 401420 2953->2954 2954->2911 2956 403e43 SendMessageA 2955->2956 2957 403e3d 2955->2957 2956->2907 2957->2956 2959 403edc GetWindowLongA 2958->2959 2969 403f65 2958->2969 2960 403eed 2959->2960 2959->2969 2961 403efc GetSysColor 2960->2961 2962 403eff 2960->2962 2961->2962 2963 403f05 SetTextColor 2962->2963 2964 403f0f SetBkMode 2962->2964 2963->2964 2965 403f27 GetSysColor 2964->2965 2966 403f2d 2964->2966 2965->2966 2967 403f34 SetBkColor 2966->2967 2968 403f3e 2966->2968 2967->2968 2968->2969 2970 403f51 DeleteObject 2968->2970 2971 403f58 CreateBrushIndirect 2968->2971 2969->2930 2970->2971 2971->2969 3821 40220a 3822 402211 3821->3822 3825 402224 3821->3825 3823 405bc3 18 API calls 3822->3823 3824 40221e 3823->3824 3826 405462 MessageBoxIndirectA 3824->3826 3826->3825 3827 401c8a 3828 4029ef 18 API calls 3827->3828 3829 401c91 3828->3829 3830 4029ef 18 API calls 3829->3830 3831 401c99 GetDlgItem 3830->3831 3832 4024ce 3831->3832 3028 40310d SetErrorMode GetVersion 3029 403143 3028->3029 3030 403149 3028->3030 3031 405f2d 5 API calls 3029->3031 3121 405ec3 GetSystemDirectoryA 3030->3121 3031->3030 3033 40315e 3034 405ec3 3 API calls 3033->3034 3035 403168 3034->3035 3036 405ec3 3 API calls 3035->3036 3037 403172 3036->3037 3124 
405f2d GetModuleHandleA 3037->3124 3040 405f2d 5 API calls 3041 403180 #17 OleInitialize SHGetFileInfoA 3040->3041 3130 405ba1 lstrcpynA 3041->3130 3043 4031bd GetCommandLineA 3131 405ba1 lstrcpynA 3043->3131 3045 4031cf GetModuleHandleA 3046 4031e6 3045->3046 3047 4056bf CharNextA 3046->3047 3048 4031fa CharNextA 3047->3048 3056 403207 3048->3056 3049 403270 3050 403283 GetTempPathA 3049->3050 3132 4030dc 3050->3132 3052 403299 3053 4032bd DeleteFileA 3052->3053 3054 40329d GetWindowsDirectoryA lstrcatA 3052->3054 3142 402c38 GetTickCount GetModuleFileNameA 3053->3142 3057 4030dc 12 API calls 3054->3057 3055 4056bf CharNextA 3055->3056 3056->3049 3056->3055 3060 403272 3056->3060 3059 4032b9 3057->3059 3059->3053 3062 40333b ExitProcess OleUninitialize 3059->3062 3226 405ba1 lstrcpynA 3060->3226 3061 4032ce 3061->3062 3068 4056bf CharNextA 3061->3068 3100 403327 3061->3100 3064 403350 3062->3064 3065 40345f 3062->3065 3069 405462 MessageBoxIndirectA 3064->3069 3066 403502 ExitProcess 3065->3066 3070 405f2d 5 API calls 3065->3070 3073 4032e5 3068->3073 3074 40335e ExitProcess 3069->3074 3075 403472 3070->3075 3071 403337 3071->3062 3077 403302 3073->3077 3078 403366 3073->3078 3076 405f2d 5 API calls 3075->3076 3079 40347b 3076->3079 3227 405775 3077->3227 3243 4053e9 3078->3243 3082 405f2d 5 API calls 3079->3082 3085 403484 3082->3085 3094 403492 GetCurrentProcess 3085->3094 3103 4034a2 3085->3103 3086 403387 lstrcatA lstrcmpiA 3086->3062 3089 4033a3 3086->3089 3087 40337c lstrcatA 3087->3086 3088 405f2d 5 API calls 3104 4034d9 3088->3104 3091 4033a8 3089->3091 3092 4033af 3089->3092 3246 40534f CreateDirectoryA 3091->3246 3251 4053cc CreateDirectoryA 3092->3251 3093 40331c 3242 405ba1 lstrcpynA 3093->3242 3094->3103 3095 4034ee ExitWindowsEx 3095->3066 3101 4034fb 3095->3101 3170 4035f4 3100->3170 3105 40140b 2 API calls 3101->3105 3102 4033b4 SetCurrentDirectoryA 3106 4033c3 3102->3106 3107 4033ce 3102->3107 3103->3088 3104->3095 3104->3101 3105->3066 3254 
405ba1 lstrcpynA 3106->3254 3255 405ba1 lstrcpynA 3107->3255 3110 405bc3 18 API calls 3111 4033fe DeleteFileA 3110->3111 3112 40340b CopyFileA 3111->3112 3118 4033dc 3111->3118 3112->3118 3113 403453 3115 4058ef 40 API calls 3113->3115 3116 40345a 3115->3116 3116->3062 3117 405bc3 18 API calls 3117->3118 3118->3110 3118->3113 3118->3117 3120 40343f CloseHandle 3118->3120 3256 4058ef 3118->3256 3282 405401 CreateProcessA 3118->3282 3120->3118 3122 405ee5 wsprintfA LoadLibraryA 3121->3122 3122->3033 3125 405f53 GetProcAddress 3124->3125 3126 405f49 3124->3126 3128 403179 3125->3128 3127 405ec3 3 API calls 3126->3127 3129 405f4f 3127->3129 3128->3040 3129->3125 3129->3128 3130->3043 3131->3045 3133 405e03 5 API calls 3132->3133 3134 4030e8 3133->3134 3135 4030f2 3134->3135 3285 405694 lstrlenA CharPrevA 3134->3285 3135->3052 3138 4053cc 2 API calls 3139 403100 3138->3139 3140 4058a7 2 API calls 3139->3140 3141 40310b 3140->3141 3141->3052 3288 405878 GetFileAttributesA CreateFileA 3142->3288 3144 402c78 3169 402c88 3144->3169 3289 405ba1 lstrcpynA 3144->3289 3146 402c9e 3290 4056db lstrlenA 3146->3290 3150 402caf GetFileSize 3151 402dab 3150->3151 3163 402cc6 3150->3163 3297 402bd4 3151->3297 3153 402db4 3155 402de4 GlobalAlloc 3153->3155 3153->3169 3308 4030c5 SetFilePointer 3153->3308 3309 4030c5 SetFilePointer 3155->3309 3157 402e17 3161 402bd4 6 API calls 3157->3161 3159 402dcd 3162 403093 ReadFile 3159->3162 3160 402dff 3310 402e71 3160->3310 3161->3169 3165 402dd8 3162->3165 3163->3151 3163->3157 3166 402bd4 6 API calls 3163->3166 3163->3169 3295 403093 ReadFile 3163->3295 3165->3155 3165->3169 3166->3163 3167 402e0b 3167->3167 3168 402e48 SetFilePointer 3167->3168 3167->3169 3168->3169 3169->3061 3171 405f2d 5 API calls 3170->3171 3172 403608 3171->3172 3173 403620 3172->3173 3174 40360e 3172->3174 3175 405a88 3 API calls 3173->3175 3345 405aff wsprintfA 3174->3345 3176 403641 3175->3176 3177 40365f lstrcatA 3176->3177 3179 405a88 3 API calls 3176->3179 3180 
40361e 3177->3180 3179->3177 3336 4038bd 3180->3336 3183 405775 18 API calls 3184 403691 3183->3184 3185 40371a 3184->3185 3187 405a88 3 API calls 3184->3187 3186 405775 18 API calls 3185->3186 3188 403720 3186->3188 3190 4036bd 3187->3190 3189 403730 LoadImageA 3188->3189 3191 405bc3 18 API calls 3188->3191 3192 4037e4 3189->3192 3193 40375b RegisterClassA 3189->3193 3190->3185 3194 4036d9 lstrlenA 3190->3194 3197 4056bf CharNextA 3190->3197 3191->3189 3196 40140b 2 API calls 3192->3196 3195 403797 SystemParametersInfoA CreateWindowExA 3193->3195 3225 4037ee 3193->3225 3198 4036e7 lstrcmpiA 3194->3198 3199 40370d 3194->3199 3195->3192 3200 4037ea 3196->3200 3201 4036d7 3197->3201 3198->3199 3202 4036f7 GetFileAttributesA 3198->3202 3203 405694 3 API calls 3199->3203 3205 4038bd 19 API calls 3200->3205 3200->3225 3201->3194 3204 403703 3202->3204 3206 403713 3203->3206 3204->3199 3207 4056db 2 API calls 3204->3207 3208 4037fb 3205->3208 3346 405ba1 lstrcpynA 3206->3346 3207->3199 3210 403807 ShowWindow 3208->3210 3211 40388a 3208->3211 3213 405ec3 3 API calls 3210->3213 3212 404f5f 5 API calls 3211->3212 3214 403890 3212->3214 3215 40381f 3213->3215 3216 403894 3214->3216 3217 4038ac 3214->3217 3218 40382d GetClassInfoA 3215->3218 3220 405ec3 3 API calls 3215->3220 3224 40140b 2 API calls 3216->3224 3216->3225 3219 40140b 2 API calls 3217->3219 3221 403841 GetClassInfoA RegisterClassA 3218->3221 3222 403857 DialogBoxParamA 3218->3222 3219->3225 3220->3218 3221->3222 3223 40140b 2 API calls 3222->3223 3223->3225 3224->3225 3225->3071 3226->3050 3348 405ba1 lstrcpynA 3227->3348 3229 405786 3349 405728 CharNextA CharNextA 3229->3349 3232 40330d 3232->3062 3241 405ba1 lstrcpynA 3232->3241 3233 405e03 5 API calls 3239 40579c 3233->3239 3234 4057c7 lstrlenA 3235 4057d2 3234->3235 3234->3239 3236 405694 3 API calls 3235->3236 3238 4057d7 GetFileAttributesA 3236->3238 3238->3232 3239->3232 3239->3234 3240 4056db 2 API calls 3239->3240 3355 405e9c FindFirstFileA 3239->3355 
3240->3234 3241->3093 3242->3100 3244 405f2d 5 API calls 3243->3244 3245 40336b lstrcatA 3244->3245 3245->3086 3245->3087 3247 4053a0 GetLastError 3246->3247 3248 4033ad 3246->3248 3247->3248 3249 4053af SetFileSecurityA 3247->3249 3248->3102 3249->3248 3250 4053c5 GetLastError 3249->3250 3250->3248 3252 4053e0 GetLastError 3251->3252 3253 4053dc 3251->3253 3252->3253 3253->3102 3254->3107 3255->3118 3257 405f2d 5 API calls 3256->3257 3258 4058fa 3257->3258 3259 405957 GetShortPathNameA 3258->3259 3260 405a4c 3258->3260 3358 405878 GetFileAttributesA CreateFileA 3258->3358 3259->3260 3261 40596c 3259->3261 3260->3118 3261->3260 3263 405974 wsprintfA 3261->3263 3265 405bc3 18 API calls 3263->3265 3264 40593b CloseHandle GetShortPathNameA 3264->3260 3266 40594f 3264->3266 3267 40599c 3265->3267 3266->3259 3266->3260 3359 405878 GetFileAttributesA CreateFileA 3267->3359 3269 4059a9 3269->3260 3270 4059b8 GetFileSize GlobalAlloc 3269->3270 3271 405a45 CloseHandle 3270->3271 3272 4059d6 ReadFile 3270->3272 3271->3260 3272->3271 3273 4059ea 3272->3273 3273->3271 3360 4057ed lstrlenA 3273->3360 3276 405a59 3278 4057ed 4 API calls 3276->3278 3277 4059ff 3365 405ba1 lstrcpynA 3277->3365 3280 405a0d 3278->3280 3281 405a20 SetFilePointer WriteFile GlobalFree 3280->3281 3281->3271 3283 405430 CloseHandle 3282->3283 3284 40543c 3282->3284 3283->3284 3284->3118 3286 4030fa 3285->3286 3287 4056ae lstrcatA 3285->3287 3286->3138 3287->3286 3288->3144 3289->3146 3291 4056e8 3290->3291 3292 402ca4 3291->3292 3293 4056ed CharPrevA 3291->3293 3294 405ba1 lstrcpynA 3292->3294 3293->3291 3293->3292 3294->3150 3296 4030b4 3295->3296 3296->3163 3298 402bf5 3297->3298 3299 402bdd 3297->3299 3300 402c05 GetTickCount 3298->3300 3301 402bfd 3298->3301 3302 402be6 DestroyWindow 3299->3302 3303 402bed 3299->3303 3305 402c13 CreateDialogParamA ShowWindow 3300->3305 3306 402c36 3300->3306 3331 405f69 3301->3331 3302->3303 3303->3153 3305->3306 3306->3153 3308->3159 3309->3160 3311 402e87 
3310->3311 3312 402eb5 3311->3312 3335 4030c5 SetFilePointer 3311->3335 3314 403093 ReadFile 3312->3314 3315 402ec0 3314->3315 3316 402ed2 GetTickCount 3315->3316 3317 403027 3315->3317 3318 403012 3315->3318 3316->3318 3327 402f21 3316->3327 3319 40302b 3317->3319 3320 403043 3317->3320 3318->3167 3322 403093 ReadFile 3319->3322 3320->3318 3323 403093 ReadFile 3320->3323 3324 40305e WriteFile 3320->3324 3321 403093 ReadFile 3321->3327 3322->3318 3323->3320 3324->3318 3325 403073 3324->3325 3325->3318 3325->3320 3326 402f77 GetTickCount 3326->3327 3327->3318 3327->3321 3327->3326 3328 402f9c MulDiv wsprintfA 3327->3328 3329 402fda WriteFile 3327->3329 3330 404e8d 25 API calls 3328->3330 3329->3318 3329->3327 3330->3327 3332 405f86 PeekMessageA 3331->3332 3333 402c03 3332->3333 3334 405f7c DispatchMessageA 3332->3334 3333->3153 3334->3332 3335->3312 3337 4038d1 3336->3337 3347 405aff wsprintfA 3337->3347 3339 403942 3340 405bc3 18 API calls 3339->3340 3341 40394e SetWindowTextA 3340->3341 3342 40366f 3341->3342 3343 40396a 3341->3343 3342->3183 3343->3342 3344 405bc3 18 API calls 3343->3344 3344->3343 3345->3180 3346->3185 3347->3339 3348->3229 3350 405742 3349->3350 3354 40574e 3349->3354 3352 405749 CharNextA 3350->3352 3350->3354 3351 40576b 3351->3232 3351->3233 3352->3351 3353 4056bf CharNextA 3353->3354 3354->3351 3354->3353 3356 405eb2 FindClose 3355->3356 3357 405ebd 3355->3357 3356->3357 3357->3239 3358->3264 3359->3269 3361 405823 lstrlenA 3360->3361 3362 405801 lstrcmpiA 3361->3362 3363 40582d 3361->3363 3362->3363 3364 40581a CharNextA 3362->3364 3363->3276 3363->3277 3364->3361 3365->3280 3366 40190d 3367 40190f 3366->3367 3368 402a0c 18 API calls 3367->3368 3369 401914 3368->3369 3372 4054c6 3369->3372 3373 405775 18 API calls 3372->3373 3374 4054da 3373->3374 3375 4054e3 DeleteFileA 3374->3375 3376 4054fa 3374->3376 3377 40191d 3375->3377 3378 40562f 3376->3378 3413 405ba1 lstrcpynA 3376->3413 3378->3377 3383 405e9c 2 API calls 3378->3383 3380 405524 
3381 405535 3380->3381 3382 405528 lstrcatA 3380->3382 3385 4056db 2 API calls 3381->3385 3384 40553b 3382->3384 3387 405654 3383->3387 3386 405549 lstrcatA 3384->3386 3388 405554 lstrlenA FindFirstFileA 3384->3388 3385->3384 3386->3388 3387->3377 3389 405694 3 API calls 3387->3389 3388->3378 3392 405578 3388->3392 3391 40565e 3389->3391 3390 4056bf CharNextA 3390->3392 3393 405859 2 API calls 3391->3393 3392->3390 3398 40560e FindNextFileA 3392->3398 3406 4054c6 61 API calls 3392->3406 3409 404e8d 25 API calls 3392->3409 3412 4055ec 3392->3412 3414 405ba1 lstrcpynA 3392->3414 3415 405859 GetFileAttributesA 3392->3415 3394 405664 RemoveDirectoryA 3393->3394 3395 405686 3394->3395 3396 40566f 3394->3396 3397 404e8d 25 API calls 3395->3397 3396->3377 3400 405675 3396->3400 3397->3377 3398->3392 3401 405626 FindClose 3398->3401 3402 404e8d 25 API calls 3400->3402 3401->3378 3403 40567d 3402->3403 3404 4058ef 40 API calls 3403->3404 3407 405684 3404->3407 3406->3392 3407->3377 3409->3398 3410 404e8d 25 API calls 3410->3412 3411 4058ef 40 API calls 3411->3412 3412->3398 3412->3410 3412->3411 3413->3380 3414->3392 3416 4055db DeleteFileA 3415->3416 3417 405868 SetFileAttributesA 3415->3417 3416->3392 3417->3416 3833 401490 3834 404e8d 25 API calls 3833->3834 3835 401497 3834->3835 3836 402611 3837 4028a1 3836->3837 3838 402618 3836->3838 3839 40261e FindClose 3838->3839 3839->3837 3840 402692 3841 402a0c 18 API calls 3840->3841 3842 4026a0 3841->3842 3843 4026b6 3842->3843 3844 402a0c 18 API calls 3842->3844 3845 405859 2 API calls 3843->3845 3844->3843 3846 4026bc 3845->3846 3866 405878 GetFileAttributesA CreateFileA 3846->3866 3848 4026c9 3849 402772 3848->3849 3850 4026d5 GlobalAlloc 3848->3850 3851 40277a DeleteFileA 3849->3851 3852 40278d 3849->3852 3853 402769 CloseHandle 3850->3853 3854 4026ee 3850->3854 3851->3852 3853->3849 3867 4030c5 SetFilePointer 3854->3867 3856 4026f4 3857 403093 ReadFile 3856->3857 3858 4026fd GlobalAlloc 3857->3858 3859 402741 WriteFile 
GlobalFree 3858->3859 3860 40270d 3858->3860 3862 402e71 33 API calls 3859->3862 3861 402e71 33 API calls 3860->3861 3865 40271a 3861->3865 3863 402766 3862->3863 3863->3853 3864 402738 GlobalFree 3864->3859 3865->3864 3866->3848 3867->3856 3868 402793 3869 4029ef 18 API calls 3868->3869 3870 402799 3869->3870 3871 4027d4 3870->3871 3872 4027bd 3870->3872 3878 402672 3870->3878 3873 4027ea 3871->3873 3874 4027de 3871->3874 3875 4027c2 3872->3875 3881 4027d1 3872->3881 3877 405bc3 18 API calls 3873->3877 3876 4029ef 18 API calls 3874->3876 3882 405ba1 lstrcpynA 3875->3882 3876->3881 3877->3881 3881->3878 3883 405aff wsprintfA 3881->3883 3882->3878 3883->3878 3500 401d95 3501 4029ef 18 API calls 3500->3501 3502 401d9b 3501->3502 3503 4029ef 18 API calls 3502->3503 3504 401da4 3503->3504 3505 401db6 EnableWindow 3504->3505 3506 401dab ShowWindow 3504->3506 3507 4028a1 3505->3507 3506->3507 3884 401595 3885 402a0c 18 API calls 3884->3885 3886 40159c SetFileAttributesA 3885->3886 3887 4015ae 3886->3887 3888 401e95 3889 402a0c 18 API calls 3888->3889 3890 401e9c 3889->3890 3891 405e9c 2 API calls 3890->3891 3892 401ea2 3891->3892 3894 401eb4 3892->3894 3895 405aff wsprintfA 3892->3895 3895->3894 3896 401696 3897 402a0c 18 API calls 3896->3897 3898 40169c GetFullPathNameA 3897->3898 3899 4016b3 3898->3899 3905 4016d4 3898->3905 3901 405e9c 2 API calls 3899->3901 3899->3905 3900 4016e8 GetShortPathNameA 3903 4028a1 3900->3903 3902 4016c4 3901->3902 3902->3905 3906 405ba1 lstrcpynA 3902->3906 3905->3900 3905->3903 3906->3905 3907 402319 3908 40231f 3907->3908 3909 402a0c 18 API calls 3908->3909 3910 402331 3909->3910 3911 402a0c 18 API calls 3910->3911 3912 40233b RegCreateKeyExA 3911->3912 3913 4028a1 3912->3913 3914 402365 3912->3914 3915 40237d 3914->3915 3916 402a0c 18 API calls 3914->3916 3917 402389 3915->3917 3919 4029ef 18 API calls 3915->3919 3918 402376 lstrlenA 3916->3918 3920 4023a4 RegSetValueExA 3917->3920 3921 402e71 33 API calls 3917->3921 3918->3915 
3919->3917 3922 4023ba RegCloseKey 3920->3922 3921->3920 3922->3913 3924 402819 3925 4029ef 18 API calls 3924->3925 3926 40281f 3925->3926 3927 402850 3926->3927 3929 40282d 3926->3929 3930 402672 3926->3930 3928 405bc3 18 API calls 3927->3928 3927->3930 3928->3930 3929->3930 3932 405aff wsprintfA 3929->3932 3932->3930 3513 40351a 3514 403532 3513->3514 3515 403524 CloseHandle 3513->3515 3520 40355f 3514->3520 3515->3514 3518 4054c6 70 API calls 3519 403543 3518->3519 3521 40356d 3520->3521 3522 403537 3521->3522 3523 403572 FreeLibrary GlobalFree 3521->3523 3522->3518 3523->3522 3523->3523 3524 401e1b 3525 402a0c 18 API calls 3524->3525 3526 401e21 3525->3526 3527 404e8d 25 API calls 3526->3527 3528 401e2b 3527->3528 3529 405401 2 API calls 3528->3529 3530 401e31 3529->3530 3531 401e87 FindCloseChangeNotification 3530->3531 3532 402672 3530->3532 3533 401e50 WaitForSingleObject 3530->3533 3535 405f69 2 API calls 3530->3535 3531->3532 3533->3530 3534 401e5e GetExitCodeProcess 3533->3534 3536 401e70 3534->3536 3537 401e79 3534->3537 3535->3533 3539 405aff wsprintfA 3536->3539 3537->3531 3539->3537 3933 401d1b GetDC GetDeviceCaps 3934 4029ef 18 API calls 3933->3934 3935 401d37 MulDiv 3934->3935 3936 4029ef 18 API calls 3935->3936 3937 401d4c 3936->3937 3938 405bc3 18 API calls 3937->3938 3939 401d85 CreateFontIndirectA 3938->3939 3940 4024ce 3939->3940 3941 40429b 3942 4042c7 3941->3942 3943 4042d8 3941->3943 4002 405446 GetDlgItemTextA 3942->4002 3944 4042e4 GetDlgItem 3943->3944 3950 404343 3943->3950 3947 4042f8 3944->3947 3946 4042d2 3948 405e03 5 API calls 3946->3948 3949 40430c SetWindowTextA 3947->3949 3953 405728 4 API calls 3947->3953 3948->3943 3954 403e5d 19 API calls 3949->3954 3955 405bc3 18 API calls 3950->3955 3963 404427 3950->3963 4000 4045d1 3950->4000 3952 403ec4 8 API calls 3957 4045e5 3952->3957 3958 404302 3953->3958 3959 404328 3954->3959 3960 4043b7 SHBrowseForFolderA 3955->3960 3956 404457 3961 405775 18 API calls 3956->3961 3958->3949 3966 
405694 3 API calls 3958->3966 3962 403e5d 19 API calls 3959->3962 3960->3963 3964 4043cf CoTaskMemFree 3960->3964 3965 40445d 3961->3965 3967 404336 3962->3967 3963->4000 4004 405446 GetDlgItemTextA 3963->4004 3968 405694 3 API calls 3964->3968 4005 405ba1 lstrcpynA 3965->4005 3966->3949 4003 403e92 SendMessageA 3967->4003 3970 4043dc 3968->3970 3973 404413 SetDlgItemTextA 3970->3973 3977 405bc3 18 API calls 3970->3977 3972 40433c 3975 405f2d 5 API calls 3972->3975 3973->3963 3974 404474 3976 405f2d 5 API calls 3974->3976 3975->3950 3984 40447b 3976->3984 3978 4043fb lstrcmpiA 3977->3978 3978->3973 3980 40440c lstrcatA 3978->3980 3979 4044b7 4006 405ba1 lstrcpynA 3979->4006 3980->3973 3982 4044be 3983 405728 4 API calls 3982->3983 3985 4044c4 GetDiskFreeSpaceA 3983->3985 3984->3979 3988 4056db 2 API calls 3984->3988 3990 40450f 3984->3990 3987 4044e8 MulDiv 3985->3987 3985->3990 3987->3990 3988->3984 3989 404580 3992 4045a3 3989->3992 3994 40140b 2 API calls 3989->3994 3990->3989 3991 404717 21 API calls 3990->3991 3993 40456d 3991->3993 4007 403e7f KiUserCallbackDispatcher 3992->4007 3995 404582 SetDlgItemTextA 3993->3995 3996 404572 3993->3996 3994->3992 3995->3989 3998 404652 21 API calls 3996->3998 3998->3989 3999 4045bf 3999->4000 4008 404230 3999->4008 4000->3952 4002->3946 4003->3972 4004->3956 4005->3974 4006->3982 4007->3999 4009 404243 SendMessageA 4008->4009 4010 40423e 4008->4010 4009->4000 4010->4009 3543 40251c 3544 4029ef 18 API calls 3543->3544 3546 402526 3544->3546 3545 40255a ReadFile 3545->3546 3550 40259c 3545->3550 3546->3545 3547 40259e 3546->3547 3548 4025ae 3546->3548 3546->3550 3552 405aff wsprintfA 3547->3552 3548->3550 3551 4025c4 SetFilePointer 3548->3551 3551->3550 3552->3550 2804 401721 2805 402a0c 18 API calls 2804->2805 2806 401728 2805->2806 2810 4058a7 2806->2810 2808 40172f 2809 4058a7 2 API calls 2808->2809 2809->2808 2811 4058b2 GetTickCount GetTempFileNameA 2810->2811 2812 4058e2 2811->2812 2813 4058de 2811->2813 2812->2808 
2813->2811 2813->2812 4011 401922 4012 402a0c 18 API calls 4011->4012 4013 401929 lstrlenA 4012->4013 4014 4024ce 4013->4014 4014->4014 4015 403fa5 4016 403fbb 4015->4016 4024 4040c8 4015->4024 4020 403e5d 19 API calls 4016->4020 4017 404137 4018 404141 GetDlgItem 4017->4018 4019 40420b 4017->4019 4022 404157 4018->4022 4023 4041c9 4018->4023 4025 403ec4 8 API calls 4019->4025 4021 404011 4020->4021 4026 403e5d 19 API calls 4021->4026 4022->4023 4030 40417d 6 API calls 4022->4030 4023->4019 4031 4041db 4023->4031 4024->4017 4024->4019 4027 40410c GetDlgItem SendMessageA 4024->4027 4028 404206 4025->4028 4029 40401e CheckDlgButton 4026->4029 4046 403e7f KiUserCallbackDispatcher 4027->4046 4044 403e7f KiUserCallbackDispatcher 4029->4044 4030->4023 4034 4041e1 SendMessageA 4031->4034 4035 4041f2 4031->4035 4034->4035 4035->4028 4039 4041f8 SendMessageA 4035->4039 4036 404132 4037 404230 SendMessageA 4036->4037 4037->4017 4038 40403c GetDlgItem 4045 403e92 SendMessageA 4038->4045 4039->4028 4041 404052 SendMessageA 4042 404070 GetSysColor 4041->4042 4043 404079 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4041->4043 4042->4043 4043->4028 4044->4038 4045->4041 4046->4036 4047 401ca5 4048 4029ef 18 API calls 4047->4048 4049 401cb5 SetWindowLongA 4048->4049 4050 4028a1 4049->4050 4051 401a26 4052 4029ef 18 API calls 4051->4052 4053 401a2c 4052->4053 4054 4029ef 18 API calls 4053->4054 4055 4019d6 4054->4055 4056 40262b 4057 402646 4056->4057 4058 40262e 4056->4058 4059 4027cc 4057->4059 4062 405ba1 lstrcpynA 4057->4062 4060 40263b FindNextFileA 4058->4060 4060->4057 4062->4059 3418 401bad 3419 4029ef 18 API calls 3418->3419 3420 401bb4 3419->3420 3421 4029ef 18 API calls 3420->3421 3422 401bbe 3421->3422 3423 401bce 3422->3423 3424 402a0c 18 API calls 3422->3424 3425 401bde 3423->3425 3426 402a0c 18 API calls 3423->3426 3424->3423 3427 401be9 3425->3427 3428 401c2d 3425->3428 3426->3425 3430 4029ef 18 API calls 3427->3430 3429 402a0c 18 API calls 
3428->3429 3431 401c32 3429->3431 3432 401bee 3430->3432 3433 402a0c 18 API calls 3431->3433 3434 4029ef 18 API calls 3432->3434 3436 401c3b FindWindowExA 3433->3436 3435 401bf7 3434->3435 3437 401c1d SendMessageA 3435->3437 3438 401bff SendMessageTimeoutA 3435->3438 3439 401c59 3436->3439 3437->3439 3438->3439 4063 4024b2 4064 402a0c 18 API calls 4063->4064 4065 4024b9 4064->4065 4068 405878 GetFileAttributesA CreateFileA 4065->4068 4067 4024c5 4068->4067 4069 4035b2 4070 4035bd 4069->4070 4071 4035c4 GlobalAlloc 4070->4071 4072 4035c1 4070->4072 4071->4072 3440 4015b3 3441 402a0c 18 API calls 3440->3441 3442 4015ba 3441->3442 3443 405728 4 API calls 3442->3443 3450 4015c2 3443->3450 3444 40160a 3445 40160f 3444->3445 3449 40162d 3444->3449 3448 401423 25 API calls 3445->3448 3446 4056bf CharNextA 3447 4015d0 CreateDirectoryA 3446->3447 3447->3450 3451 4015e5 GetLastError 3447->3451 3453 401616 3448->3453 3452 401423 25 API calls 3449->3452 3450->3444 3450->3446 3451->3450 3454 4015f2 GetFileAttributesA 3451->3454 3457 40217f 3452->3457 3458 405ba1 lstrcpynA 3453->3458 3454->3450 3456 401621 SetCurrentDirectoryA 3456->3457 3458->3456 3459 401734 3460 402a0c 18 API calls 3459->3460 3461 40173b 3460->3461 3462 401761 3461->3462 3463 401759 3461->3463 3499 405ba1 lstrcpynA 3462->3499 3498 405ba1 lstrcpynA 3463->3498 3466 40175f 3469 405e03 5 API calls 3466->3469 3467 40176c 3468 405694 3 API calls 3467->3468 3470 401772 lstrcatA 3468->3470 3472 40177e 3469->3472 3470->3466 3471 405e9c 2 API calls 3471->3472 3472->3471 3473 405859 2 API calls 3472->3473 3475 401795 CompareFileTime 3472->3475 3476 401859 3472->3476 3478 401830 3472->3478 3479 405ba1 lstrcpynA 3472->3479 3485 405bc3 18 API calls 3472->3485 3494 405462 MessageBoxIndirectA 3472->3494 3497 405878 GetFileAttributesA CreateFileA 3472->3497 3473->3472 3475->3472 3477 404e8d 25 API calls 3476->3477 3480 401863 3477->3480 3481 404e8d 25 API calls 3478->3481 3487 401845 3478->3487 3479->3472 3482 402e71 33 API 
calls 3480->3482 3481->3487 3483 401876 3482->3483 3484 40188a SetFileTime 3483->3484 3486 40189c FindCloseChangeNotification 3483->3486 3484->3486 3485->3472 3486->3487 3488 4018ad 3486->3488 3489 4018b2 3488->3489 3490 4018c5 3488->3490 3491 405bc3 18 API calls 3489->3491 3492 405bc3 18 API calls 3490->3492 3495 4018ba lstrcatA 3491->3495 3493 4018cd 3492->3493 3496 405462 MessageBoxIndirectA 3493->3496 3494->3472 3495->3493 3496->3487 3497->3472 3498->3466 3499->3467 4073 401634 4074 402a0c 18 API calls 4073->4074 4075 40163a 4074->4075 4076 405e9c 2 API calls 4075->4076 4077 401640 4076->4077 4078 401934 4079 4029ef 18 API calls 4078->4079 4080 40193b 4079->4080 4081 4029ef 18 API calls 4080->4081 4082 401945 4081->4082 4083 402a0c 18 API calls 4082->4083 4084 40194e 4083->4084 4085 401961 lstrlenA 4084->4085 4090 40199c 4084->4090 4086 40196b 4085->4086 4086->4090 4091 405ba1 lstrcpynA 4086->4091 4088 401985 4089 401992 lstrlenA 4088->4089 4088->4090 4089->4090 4091->4088 4092 4019b5 4093 402a0c 18 API calls 4092->4093 4094 4019bc 4093->4094 4095 402a0c 18 API calls 4094->4095 4096 4019c5 4095->4096 4097 4019cc lstrcmpiA 4096->4097 4098 4019de lstrcmpA 4096->4098 4099 4019d2 4097->4099 4098->4099 4100 402036 4101 402a0c 18 API calls 4100->4101 4102 40203d 4101->4102 4103 402a0c 18 API calls 4102->4103 4104 402047 4103->4104 4105 402a0c 18 API calls 4104->4105 4106 402050 4105->4106 4107 402a0c 18 API calls 4106->4107 4108 40205a 4107->4108 4109 402a0c 18 API calls 4108->4109 4110 402064 4109->4110 4111 402078 CoCreateInstance 4110->4111 4112 402a0c 18 API calls 4110->4112 4115 402097 4111->4115 4116 40214d 4111->4116 4112->4111 4113 401423 25 API calls 4114 40217f 4113->4114 4115->4116 4117 40212c MultiByteToWideChar 4115->4117 4116->4113 4116->4114 4117->4116 4118 4014b7 4119 4014bd 4118->4119 4120 401389 2 API calls 4119->4120 4121 4014c5 4120->4121 4122 402239 4123 402241 4122->4123 4124 402247 4122->4124 4126 402a0c 18 API calls 4123->4126 4125 402257 
4124->4125 4127 402a0c 18 API calls 4124->4127 4128 402265 4125->4128 4129 402a0c 18 API calls 4125->4129 4126->4124 4127->4125 4130 402a0c 18 API calls 4128->4130 4129->4128 4131 40226e WritePrivateProfileStringA 4130->4131 4132 40243d 4133 402b16 19 API calls 4132->4133 4134 402447 4133->4134 4135 4029ef 18 API calls 4134->4135 4136 402450 4135->4136 4137 402473 RegEnumValueA 4136->4137 4138 402467 RegEnumKeyA 4136->4138 4140 402672 4136->4140 4139 40248c RegCloseKey 4137->4139 4137->4140 4138->4139 4139->4140 4142 4022bd 4143 4022c2 4142->4143 4144 4022ed 4142->4144 4145 402b16 19 API calls 4143->4145 4146 402a0c 18 API calls 4144->4146 4147 4022c9 4145->4147 4149 4022f4 4146->4149 4148 402a0c 18 API calls 4147->4148 4152 40230a 4147->4152 4150 4022da RegDeleteValueA RegCloseKey 4148->4150 4153 402a4c RegOpenKeyExA 4149->4153 4150->4152 4155 402a77 4153->4155 4161 402ac3 4153->4161 4154 402a9d RegEnumKeyA 4154->4155 4156 402aaf RegCloseKey 4154->4156 4155->4154 4155->4156 4158 402ad4 RegCloseKey 4155->4158 4159 402a4c 5 API calls 4155->4159 4157 405f2d 5 API calls 4156->4157 4160 402abf 4157->4160 4158->4161 4159->4155 4160->4161 4162 402aef RegDeleteKeyA 4160->4162 4161->4152 4162->4161

Control-flow Graph

[Figure: control-flow graph beginning at block 40310d-403141 (SetErrorMode, GetVersion); legend: Executed / Not Executed]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32 ref: 00403131
                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00403137
                                                                                                                                                                                                                                              • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00403185
                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040318C
                                                                                                                                                                                                                                              • SHGetFileInfoA.SHELL32(00429078,00000000,?,00000160,00000000), ref: 004031A8
                                                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(Fast! Setup,NSIS Error), ref: 004031BD
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Setup (1).exe",00000000), ref: 004031D0
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Setup (1).exe",00409188), ref: 004031FB
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040328E
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032A3
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032AF
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(1033), ref: 004032C2
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 0040333B
                                                                                                                                                                                                                                              • OleUninitialize.OLE32(00000000), ref: 00403340
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403360
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Setup (1).exe",00000000,00000000), ref: 00403373
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Setup (1).exe",00000000,00000000), ref: 00403382
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Setup (1).exe",00000000,00000000), ref: 0040338D
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 00403399
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033B5
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00428C78,00428C78,?,C:\Users\user\AppData\Local\Temp\nsw39B6.tmp,?), ref: 004033FF
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(C:\Users\user\Desktop\Setup (1).exe,00428C78,00000001), ref: 00403413
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00428C78,00428C78,?,00428C78,00000000), ref: 00403440
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403499
                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004034F1
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403514
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                                                                                                                                                                                                                                              • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\Setup (1).exe"$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsw39B6.tmp$C:\Users\user\Desktop$C:\Users\user\Desktop\Setup (1).exe$Error launching installer$Fast! Setup$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                              • API String ID: 2193684524-2935806543
                                                                                                                                                                                                                                              • Opcode ID: efbb3eae5aa99f274589bdc9860b71f913c988c5d0d561142775f82ee96160fe
                                                                                                                                                                                                                                              • Instruction ID: 451575da7f46b68c591153a14feb1e54add6b468c03afba2ffefeba693a227d9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: efbb3eae5aa99f274589bdc9860b71f913c988c5d0d561142775f82ee96160fe
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55A1E3705083416AE7216F629C4AF6B7EACEB4570AF04047FF541B61D2CB7C9A058A6F
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040502A
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405039
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405076
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000015), ref: 0040507E
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040509F
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050B0
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050C3
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050D1
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050E4
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405106
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040511A
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040513B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040514B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405164
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405170
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405048
                                                                                                                                                                                                                                                • Part of subcall function 00403E92: SendMessageA.USER32(00000028,?,00000001,00403CC3), ref: 00403EA0
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040518D
                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00004F5F,00000000), ref: 0040519B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004051A2
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004051C6
                                                                                                                                                                                                                                              • ShowWindow.USER32(00020410,00000008), ref: 004051CB
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405212
                                                                                                                                                                                                                                              • SendMessageA.USER32(00020410,00001004,00000000,00000000), ref: 00405244
                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00405255
                                                                                                                                                                                                                                              • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040526A
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00020410,?), ref: 0040527D
                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052A1
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052DC
                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004052EC
                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 004052F2
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052FB
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405305
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405319
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405331
                                                                                                                                                                                                                                              • SetClipboardData.USER32(00000001,00000000), ref: 0040533C
                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405342
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                              • String ID: {$~I
                                                                                                                                                                                                                                              • API String ID: 590372296-1938936386
                                                                                                                                                                                                                                              • Opcode ID: 7c969585dd39d009cc1e02a2334c0b9a42a5dd862372eacb49a1290c3c060fea
                                                                                                                                                                                                                                              • Instruction ID: 9773a58430cbfeecb670b401eb949321dafbae4239e93fa01985779c5be3160a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c969585dd39d009cc1e02a2334c0b9a42a5dd862372eacb49a1290c3c060fea
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADA14A70900208BFDB11AFA1DC89AAE7F79FB08354F40853AFA04BA1A0C7755A51DF99
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004054E4
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040552E
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040554F
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405555
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405566
                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405618
                                                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00405629
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Setup (1).exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\*.*$\*.*
                                                                                                                                                                                                                                              • API String ID: 2035342205-955344997
                                                                                                                                                                                                                                              • Opcode ID: 74f2121813b91fa0b44fb586efb307df28f6166ed0feab1c497f80d0b841f1b9
                                                                                                                                                                                                                                              • Instruction ID: 7349ebf4964971957ddff473b41d0a41d9b63905a7032000284e6e99f459cf31
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74f2121813b91fa0b44fb586efb307df28f6166ed0feab1c497f80d0b841f1b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C51F130404A487ADB226B228C45BBF3A69DF42318F50853BF909711D1DB7D9982DE6E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,0042C110,C:\,004057B8,C:\,C:\,00000000,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EA7
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405EB3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                              • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                              • Opcode ID: 6aebaf9d7798dbd017b42e649449a55c665c1a78b7402752724ce15f47781116
                                                                                                                                                                                                                                              • Instruction ID: c926c128dd9a58e72073d921ff5d887e323c8f6286bbbccf5b0fc9dd9174debe
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6aebaf9d7798dbd017b42e649449a55c665c1a78b7402752724ce15f47781116
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60D0C931A0A4205BD3011738AD0985B7A589B453713108E32F565F62E1D37899628AED
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039C6
                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 004039E3
                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 004039F7
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A13
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403A34
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A48
                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403A4F
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403AFD
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00403B07
                                                                                                                                                                                                                                              • SetClassLongA.USER32(?,000000F2,?), ref: 00403B21
                                                                                                                                                                                                                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B72
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00403C18
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00403C39
                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C4B
                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C66
                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C7C
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00403C83
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C9B
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CAE
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042A0C0,?,0042A0C0,Fast! Setup), ref: 00403CD7
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,0042A0C0), ref: 00403CE6
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00403E1A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                                                              • String ID: Fast! Setup$~I
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\Setup (1).exe",00000000), ref: 00403665
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042DBE0,?,?,?,0042DBE0,00000000,C:\Program Files (x86)\Fast!,1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036DA
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe), ref: 004036ED
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0042DBE0), ref: 004036F8
                                                                                                                                                                                                                                              • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403741
                                                                                                                                                                                                                                                • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
                                                                                                                                                                                                                                              • RegisterClassA.USER32 ref: 00403788
                                                                                                                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037A0
                                                                                                                                                                                                                                              • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037D9
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 0040380F
                                                                                                                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit20A,0042E3E0), ref: 0040383B
                                                                                                                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit,0042E3E0), ref: 00403848
                                                                                                                                                                                                                                              • RegisterClassA.USER32(0042E3E0), ref: 00403851
                                                                                                                                                                                                                                              • DialogBoxParamA.USER32(?,00000000,0040398A,00000000), ref: 00403870
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Setup (1).exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$elete file: $B
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C49
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Setup (1).exe,00000400), ref: 00402C65
                                                                                                                                                                                                                                                • Part of subcall function 00405878: GetFileAttributesA.KERNEL32(00000003,00402C78,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                                • Part of subcall function 00405878: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Setup (1).exe,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 00402CB1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00402C88
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C42
                                                                                                                                                                                                                                              • C:\Users\user\Desktop, xrefs: 00402C93, 00402C98, 00402C9E
                                                                                                                                                                                                                                              • Null, xrefs: 00402D2F
                                                                                                                                                                                                                                              • soft, xrefs: 00402D26
                                                                                                                                                                                                                                              • Inst, xrefs: 00402D1D
• Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error, xrefs: 00402E10
                                                                                                                                                                                                                                              • C:\Users\user\Desktop\Setup (1).exe, xrefs: 00402C4F, 00402C5E, 00402C72, 00402C92
                                                                                                                                                                                                                                              • "C:\Users\user\Desktop\Setup (1).exe", xrefs: 00402C38
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Setup (1).exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Setup (1).exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                              • API String ID: 4283519449-4081428632
                                                                                                                                                                                                                                              • Opcode ID: 52dd5125f2beb4c5a01725ee1ecfb7cda6383a0ef784e60b7ebdc9a7c5e8d2b4
                                                                                                                                                                                                                                              • Instruction ID: d5d64c7dde767481ec9b836f5bb8cc7fe4476435a14377af370c0b56c56fa9d6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52dd5125f2beb4c5a01725ee1ecfb7cda6383a0ef784e60b7ebdc9a7c5e8d2b4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B51D971901214ABDB219FA6DE89B9E7BB8FB40354F10413BF900B62D1D7BC9D418B9D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersion.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,00404EC5,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000), ref: 00405C6B
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CE6
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CF9
                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,0041B668), ref: 00405D35
                                                                                                                                                                                                                                              • SHGetPathFromIDListA.SHELL32(0041B668,0042DBE0), ref: 00405D43
                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(0041B668), ref: 00405D4E
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(0042DBE0,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D70
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042DBE0,00000000,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,00404EC5,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000), ref: 00405DC2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405CB5
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsw39B6.tmp, xrefs: 00405D9A
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\, xrefs: 00405BF4
                                                                                                                                                                                                                                              • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405D6A
                                                                                                                                                                                                                                              • kI, xrefs: 00405BD0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\$C:\Users\user\AppData\Local\Temp\nsw39B6.tmp$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$kI
                                                                                                                                                                                                                                              • API String ID: 900638850-1280437956
                                                                                                                                                                                                                                              • Opcode ID: ed8c6b9eda11198c9f487f793d8048b2266bdc298f04fd86fca6ea968bbf239d
                                                                                                                                                                                                                                              • Instruction ID: fa1e0b9f47c9474f0aa02006464afd466a30f7754b548aa089decd5b8df859b0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed8c6b9eda11198c9f487f793d8048b2266bdc298f04fd86fca6ea968bbf239d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8512531A04A15ABEB205B698C88BBB3B64DF11314F54827BE511BA2D0D37C5942DF4E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402ED8
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F7F
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FA8
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00402FB8
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,0041B668,7FFFFFFF,00000000), ref: 00402FE6
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                                                                              • String ID: ... %d%%$hLA$hLA$vdA
                                                                                                                                                                                                                                              • API String ID: 4209647438-2367115750
                                                                                                                                                                                                                                              • Opcode ID: 15830b5729e274ba0f97a3d7cbff5ebb3cba57926562ea921e29536335055c53
                                                                                                                                                                                                                                              • Instruction ID: 8a95cf2a137d7550cfd21daf0583010478331d15a29cb338fc351ae0d0d0651f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15830b5729e274ba0f97a3d7cbff5ebb3cba57926562ea921e29536335055c53
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D261AE7190221AEBDB10DFA5DA44AAF7BB8EB40355F10417BF910B72C4D7789A40CBE9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,00000000,00000000,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                                                                                • Part of subcall function 00405BA1: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Fast! Setup,NSIS Error), ref: 00405BAE
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0), ref: 00404EE9
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp$C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dll$C:\Users\user\AppData\Local\Temp\nsw39B6.tmp$C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe
                                                                                                                                                                                                                                              • API String ID: 1941528284-2934198388
                                                                                                                                                                                                                                              • Opcode ID: d4c726461f8bacecb67542b770aac1b9aae46e51f0a493d73483bca620c5ad01
                                                                                                                                                                                                                                              • Instruction ID: e79ae9243306ab86068bc1e71be5748962656d45b0e0834c5e2f96de839f3da3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4c726461f8bacecb67542b770aac1b9aae46e51f0a493d73483bca620c5ad01
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71419632914514BADF107BB9CC45EAF3679EF01329B20823BF421F11E1D77C9A418A6E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 688 404e8d-404ea2 689 404f58-404f5c 688->689 690 404ea8-404eba 688->690 691 404ec5-404ed1 lstrlenA 690->691 692 404ebc-404ec0 call 405bc3 690->692 694 404ed3-404ee3 lstrlenA 691->694 695 404eee-404ef2 691->695 692->691 694->689 696 404ee5-404ee9 lstrcatA 694->696 697 404f01-404f05 695->697 698 404ef4-404efb SetWindowTextA 695->698 696->695 699 404f07-404f49 SendMessageA * 3 697->699 700 404f4b-404f4d 697->700 698->697 699->700 700->689 701 404f4f-404f52 700->701 701->689
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0), ref: 00404EE9
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\
                                                                                                                                                                                                                                              • API String ID: 2531174081-114457409
                                                                                                                                                                                                                                              • Opcode ID: 85e22b5a9d66ab826639727964249279cde381aefd2cdf83e480412192e81bb7
                                                                                                                                                                                                                                              • Instruction ID: d5e3cfdbeb95b60488c6f1e99959168c2d2eab17d02c72d4f5409838ea1ae410
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85e22b5a9d66ab826639727964249279cde381aefd2cdf83e480412192e81bb7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C21CF71900119BBDF11AFA5CD849DEBFB9EF45354F04807AF608B6290C779AE408FA8
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 702 401f67-401f73 703 401f79-401f8f call 402a0c * 2 702->703 704 40202f-402031 702->704 713 401f91-401f9c GetModuleHandleA 703->713 714 401f9e-401fac LoadLibraryExA 703->714 705 40217a-40217f call 401423 704->705 712 4028a1-4028b0 705->712 713->714 716 401fae-401fbc GetProcAddress 713->716 714->716 717 402028-40202a 714->717 719 401ffb-402000 call 404e8d 716->719 720 401fbe-401fc4 716->720 717->705 724 402005-402008 719->724 721 401fc6-401fd2 call 401423 720->721 722 401fdd-401ff1 720->722 721->724 733 401fd4-401fdb 721->733 728 401ff6-401ff9 722->728 724->712 726 40200e-402016 call 403594 724->726 726->712 732 40201c-402023 FreeLibrary 726->732 728->724 732->712 733->724
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0), ref: 00404EE9
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsw39B6.tmp, xrefs: 00401FE7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsw39B6.tmp
                                                                                                                                                                                                                                              • API String ID: 2987980305-2064285842
                                                                                                                                                                                                                                              • Opcode ID: 77271a6b5322034cfe6f303821667c40e704e12d7107d6431a06a26c6806cbd5
                                                                                                                                                                                                                                              • Instruction ID: c2750792bbdc63a1f1471102f5095df33ec689d5572da80d747626f78b0a8a56
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77271a6b5322034cfe6f303821667c40e704e12d7107d6431a06a26c6806cbd5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86210B32904115BBDF206FA5CE8CA6E3571BF44358F20423BF901B62E1DBBC49419A5E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 734 4015b3-4015c6 call 402a0c call 405728 739 4015c8-4015e3 call 4056bf CreateDirectoryA 734->739 740 40160a-40160d 734->740 747 401600-401608 739->747 748 4015e5-4015f0 GetLastError 739->748 741 40162d-40217f call 401423 740->741 742 40160f-401628 call 401423 call 405ba1 SetCurrentDirectoryA 740->742 755 4028a1-4028b0 741->755 742->755 747->739 747->740 751 4015f2-4015fb GetFileAttributesA 748->751 752 4015fd 748->752 751->747 751->752 752->747
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405728: CharNextA.USER32(004054DA,?,C:\,00000000,0040578C,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                                • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                                • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00000000,C:\Program Files (x86)\Fast!,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 00401617
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 3751793516-1788482285
                                                                                                                                                                                                                                              • Opcode ID: 9600dd9018e9461b37e30ba5723a9ce1774d318771259623f716c5f1620301f3
                                                                                                                                                                                                                                              • Instruction ID: bb8d1e4e690ad92a523629274e31cd42690718b140f669fc0321f517961e655e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9600dd9018e9461b37e30ba5723a9ce1774d318771259623f716c5f1620301f3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB010831908140AFDB217B795D44D6F77B49E56365B24063FF491B22E1C53C0941962E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 759 405ec3-405ee3 GetSystemDirectoryA 760 405ee5 759->760 761 405ee7-405ee9 759->761 760->761 762 405ef9-405efb 761->762 763 405eeb-405ef3 761->763 765 405efc-405f2a wsprintfA LoadLibraryA 762->765 763->762 764 405ef5-405ef7 763->764 764->765
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 00405F23
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                              • String ID: %s%s.dll$\
                                                                                                                                                                                                                                              • API String ID: 2200240437-500877883
                                                                                                                                                                                                                                              • Opcode ID: bac9a2fc6f46d7ce26ef8fb07d33782f421afe65be062073a8d3b7340457a89d
                                                                                                                                                                                                                                              • Instruction ID: bb15d2e5d25401263bf0b052e26ed8f2ff91206720ea4b5c6b623b775464ebc4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bac9a2fc6f46d7ce26ef8fb07d33782f421afe65be062073a8d3b7340457a89d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF02B309042095BDB149768DC0DEFB3B5CEB08304F1405BBA1C6E10D2E678ED558FD8
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 766 4058a7-4058b1 767 4058b2-4058dc GetTickCount GetTempFileNameA 766->767 768 4058eb-4058ed 767->768 769 4058de-4058e0 767->769 771 4058e5-4058e8 768->771 769->767 770 4058e2 769->770 770->771
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004058BA
                                                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004058D4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Setup (1).exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                              • API String ID: 1716503409-4241459130
                                                                                                                                                                                                                                              • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                                                                              • Instruction ID: 40dff32a3e5f00750648796d4805ff32b13dc741bded237dc881b6ef32aeca23
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91F0A73734820476E7105E55DC04B9B7F6DDF91750F14C027FD449A1C0D6B4995497A5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: nodes 772-800, starting at 401bad; calls shown: FindWindowExA, SendMessageTimeoutA, SendMessageA (legend: Executed / Not Executed)
APIs
• SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
• SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
Strings
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00405BA1: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Fast! Setup,NSIS Error), ref: 00405BAE
  • Part of subcall function 00405728: CharNextA.USER32(004054DA,?,C:\,00000000,0040578C,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
  • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040573B
  • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040574A
• lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057C8
• GetFileAttributesA.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057D8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: CharNext$AttributesFilelstrcpynlstrlen
• String ID: C:\
• API String ID: 3248276644-3404278061
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,00000000,00403537,00403340,00000000), ref: 00403579
• GlobalFree.KERNEL32(00000000), ref: 00403580
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403571
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: Free$GlobalLibrary
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 1100898210-297319885
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GlobalFree.KERNEL32(004C83A8), ref: 00401B75
• GlobalAlloc.KERNEL32(00000040,00000404), ref: 00401B87
Strings
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: Global$AllocFree
• String ID: C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe
• API String ID: 3394109436-1775147572
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00404E8D: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
  • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
  • Part of subcall function 00404E8D: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,00000000,0041B668,76F923A0), ref: 00404EE9
  • Part of subcall function 00404E8D: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\), ref: 00404EFB
  • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
  • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
  • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
  • Part of subcall function 00405401: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0C8,Error launching installer), ref: 00405426
  • Part of subcall function 00405401: CloseHandle.KERNEL32(?), ref: 00405433
• WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E65
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcat
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3954718778-0
                                                                                                                                                                                                                                              • Opcode ID: e841d8ddf44e6fd3969bf6ff50c2407d9c09f79f181b85797a9d06b73955de84
                                                                                                                                                                                                                                              • Instruction ID: 2a50f7c186f8d6ad55db8ec4cc548a4808b9981e8607132828513abc09ff4306
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e841d8ddf44e6fd3969bf6ff50c2407d9c09f79f181b85797a9d06b73955de84
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A016931D04114EBDF21AFA1CD85A9E7B71EF00358F24813BF905B61E1C7B94A81DB9A
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00405CC4,00000000,00000002,?,00000002,0006EA65,?,00405CC4,80000002,Software\Microsoft\Windows\CurrentVersion,0006EA65,0042DBE0,0049D6DD), ref: 00405AB1
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(0006EA65,?,00000000,00405CC4,0006EA65,00405CC4), ref: 00405AD2
                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(?), ref: 00405AF3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                                                                                                              • Opcode ID: 67b3e0d3ded8972df4b5bccd868b78f6ad8d4f27bd32828d0c76414c952c029f
                                                                                                                                                                                                                                              • Instruction ID: 73a274855f42cec9a7ce3e58aeff3d3433a4445e8632c2ebf8a036d33102cd28
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67b3e0d3ded8972df4b5bccd868b78f6ad8d4f27bd32828d0c76414c952c029f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8701487114020AEFDF128F64EC88AEB3FACEF14358F004126F904A6160D235D964DFA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Program Files (x86)\Fast!,?), ref: 00401E07
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 00401DF2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExecuteShell
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 587946157-1788482285
                                                                                                                                                                                                                                              • Opcode ID: 77df207de77508185c8c9cb82d9d74c621a57b79e033ef8b57d7c9527209f2e4
                                                                                                                                                                                                                                              • Instruction ID: ba14c07d206d1718bc9d8e8203e48321a71375e296f6bcf92d5e814be43a876d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77df207de77508185c8c9cb82d9d74c621a57b79e033ef8b57d7c9527209f2e4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6F0FC32B041406AD711BBB59D8EE5E2B659F41324F100637F400F71D2DDFC88415718
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000408,?,00000000,00403A98), ref: 00403E54
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID: x
                                                                                                                                                                                                                                              • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                              • Opcode ID: e6e6a61ead4af85831cb67e27b83a0ab76bdf8c14621e6abc8975df18522f4f8
                                                                                                                                                                                                                                              • Instruction ID: 01e630482bc5aa7651d2843b03b3bb467686e88fed72d651a0a9240d5e30c69e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6e6a61ead4af85831cb67e27b83a0ab76bdf8c14621e6abc8975df18522f4f8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DC01236648201EADA245B42EE04B067A20B768B02F208039F341240B5C6301622EB0E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000001,?,?,?,00000002), ref: 00402568
                                                                                                                                                                                                                                                • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileReadwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3326442220-0
                                                                                                                                                                                                                                              • Opcode ID: b477d60ff94f73c1c0bb044503b76951384e81d4576d319d4125a1203f1dc534
                                                                                                                                                                                                                                              • Instruction ID: 19eab3b86d9b75e5e7be3b308233c29603b61c08bd2d52ff7fc178e77211348e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b477d60ff94f73c1c0bb044503b76951384e81d4576d319d4125a1203f1dc534
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D821F871C04199BFDF318B988E596AEBB749F01304F14417BE581B62D1C6BC8A81CB1D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                              • Opcode ID: 42849ed48d919fde42c0d44f840d19e9f7e342482cf35ba8d4f2414d886d90f9
                                                                                                                                                                                                                                              • Instruction ID: 86a6a9173f7d20567c8ae2bb249fddc303668c970c82e3d032b9735ebafba260
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42849ed48d919fde42c0d44f840d19e9f7e342482cf35ba8d4f2414d886d90f9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B30128317242209BE7195B399C05B6A369CE714328F50853BF851F72F2DA78DC039B8D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                • Part of subcall function 00405EC3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                                • Part of subcall function 00405EC3: wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                                • Part of subcall function 00405EC3: LoadLibraryA.KERNEL32(?), ref: 00405F23
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                                                              • Opcode ID: 1d5d05e119682ff417a48f130b5ba42363bbc93cead61c2bd8601333870f7f39
                                                                                                                                                                                                                                              • Instruction ID: 5a94b1a02772503a3f00306f9b3f9683cc322e661ee482fd999d4dc3ca30496d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d5d05e119682ff417a48f130b5ba42363bbc93cead61c2bd8601333870f7f39
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AE0863260861176D6105B74AD0496B72A8DE8C7503054C7EF945F6190D738DC119AA9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000000B,00000001), ref: 0040288B
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?), ref: 0040289B
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 909852535-0
                                                                                                                                                                                                                                              • Opcode ID: 08dcfb9834c95f89ad541780f3876cf505edd94ac534487e8fe09633a376a490
                                                                                                                                                                                                                                              • Instruction ID: f8a96fc1e36c5b93f6f214f627bc77ef160ce1b27a8f698795edc455daabadaa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08dcfb9834c95f89ad541780f3876cf505edd94ac534487e8fe09633a376a490
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6E04672A00008AFEB118B94ECC89AEBB79FB00319F00003AE102A11A0D7341D41DA28
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$EnableShow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1136574915-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000003,00402C78,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00403340,00000000), ref: 00403525
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\, xrefs: 00403539
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\
                                                                                                                                                                                                                                              • API String ID: 2962429428-114457409
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00405664,?,?,?), ref: 0040585D
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040586F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,00403100,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004053D2
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004053E0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1375471231-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointer.KERNEL32(00000000,?,00000000,00000002,?,?), ref: 004025FC
  • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: FilePointerwsprintf
• String ID:
• API String ID: 327478801-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,00402EC0,000000FF,00000004,00000000,00000000,00000000), ref: 004030AA
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetDlgItemTextA.USER32(?,?,00000000), ref: 00403E77
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: ItemText
• String ID:
• API String ID: 3367045223-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(00020406,00000000,00000000,00000000), ref: 00403EBB
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00402DFF,00009DE4), ref: 004030D3
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000028,?,00000001,00403CC3), ref: 00403EA0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                              • Opcode ID: 4bd8982626c92abb2357f82476bd4d99c5d7f29670624c06be2de6c5191f01be
                                                                                                                                                                                                                                              • Instruction ID: 44392e581bbb4aa9116d087c90e7fb2cdd31efd5ead07ebe883a28bd9b35942d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bd8982626c92abb2357f82476bd4d99c5d7f29670624c06be2de6c5191f01be
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAB01236688202BBEE214B41DD09F457E62F768701F008030F300280F4CAB200A1EF09
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00403C5C), ref: 00403E89
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                                                                                              • Opcode ID: 8c5842e903119d4e54e6dca0c52f7b0b198653f2e5d8341527d4c31334f50caf
                                                                                                                                                                                                                                              • Instruction ID: 95dc7da4476d59103c26fcc6ae799d7f945830a776bf5e17fb181abdd4047406
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c5842e903119d4e54e6dca0c52f7b0b198653f2e5d8341527d4c31334f50caf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EDA002755041009BCB555F50DF04D057B62A7547017415435A5455417486315579EB1F
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                                                                              • Opcode ID: 78d2e6e0d4cef65e2203bc32a72a52e1585775b4b48775cde150ca72926f469a
                                                                                                                                                                                                                                              • Instruction ID: 2279a1eb59868a7384db17342a960448875f3c9b0d9377e09ad035f05ac00328
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78d2e6e0d4cef65e2203bc32a72a52e1585775b4b48775cde150ca72926f469a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9D0A973B241008BE790E7BEAE8945B23A8FB4032A3204833D802E2092D93CC8028218
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 004047F3
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404800
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000001), ref: 0040484C
                                                                                                                                                                                                                                              • LoadBitmapA.USER32(0000006E), ref: 0040485F
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000FC,00404DDD), ref: 00404879
                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040488D
                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048A1
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 004048B6
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048C2
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048D4
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004048D9
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404904
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404910
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049A5
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049D0
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049E4
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 00404A13
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A21
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404A32
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B35
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B9A
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BAF
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BD3
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF9
                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404C0E
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00404C1E
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C8E
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D37
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D46
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D66
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404DB4
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00404DBF
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00404DC6
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                              • String ID: $M$N$kI
                                                                                                                                                                                                                                              • API String ID: 1638840714-2178079671
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 004042EA
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00000000,?), ref: 00404314
                                                                                                                                                                                                                                              • SHBrowseForFolderA.SHELL32(?,00429490,?), ref: 004043C5
                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 004043D0
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(0042DBE0,0042A0C0), ref: 00404402
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0042DBE0), ref: 0040440E
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404420
                                                                                                                                                                                                                                                • Part of subcall function 00405446: GetDlgItemTextA.USER32(?,?,00000400,00404457), ref: 00405459
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharNextA.USER32(?,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(00429088,?,?,0000040F,?,00429088,00429088,?,00000001,00429088,?,?,000003FB,?), ref: 004044DE
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F9
                                                                                                                                                                                                                                                • Part of subcall function 00404652: lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                                • Part of subcall function 00404652: wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                                • Part of subcall function 00404652: SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: A$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nsw39B6.tmp$kI$~I
                                                                                                                                                                                                                                              • API String ID: 2624150263-3790588999
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(004074B8,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409458,00000400,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 004020C1
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 123533781-1788482285
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402663
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 5a819559cac325912a5da870af16f2072e900c9bb0763f72fbb9437a3d348546
                                                                                                                                                                                                                                              • Instruction ID: 430467d656314c7e37725f6accf0e98df37da47b2ee055c5ee71eb9d2680c55a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a819559cac325912a5da870af16f2072e900c9bb0763f72fbb9437a3d348546
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BE18B71A00709DFDB24CF58D880BAABBF1FB45305F15852EE897A7291D738AA95CF04
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6271c98690b1cfc42e3136c50631b776cf05fd7e3b644bcdccc108723492fea8
                                                                                                                                                                                                                                              • Instruction ID: 31e596356fdf544bef750598cd2398cea7ffcaa0c07f8aabd85cf97c85a13bdb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6271c98690b1cfc42e3136c50631b776cf05fd7e3b644bcdccc108723492fea8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6C14C71A00229CBDF14CF68D4905EEB7B2FF98314F26816AD856BB384D734A952CF94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404030
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000000,000003E8), ref: 00404044
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404062
                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00404073
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404082
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404091
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040409B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A9
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040B8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040411B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 0040411E
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404149
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404189
                                                                                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F02), ref: 00404198
                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004041A1
                                                                                                                                                                                                                                              • ShellExecuteA.SHELL32(0000070B,open,0042DBE0,00000000,00000000,00000001), ref: 004041B4
                                                                                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 004041C1
                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004041C4
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041F0
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404204
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                              • String ID: N$kI$open$q?@$~I
                                                                                                                                                                                                                                              • API String ID: 3615053054-2749996642
                                                                                                                                                                                                                                              • Opcode ID: 43e4b1bebc352cc37ab134c8e21d344cf3974b6da0146347b86895c6f7b453af
                                                                                                                                                                                                                                              • Instruction ID: 8cc316ab489d754ba064ab1d5a66df449127ca6112c148b2bdc2fdd16cb80ba7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43e4b1bebc352cc37ab134c8e21d344cf3974b6da0146347b86895c6f7b453af
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9361DFB1A40209BFEB109F60CC45F6A3B68FB54745F10853AFB04BA2D1C7B8A951CF99
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                              • DrawTextA.USER32(00000000,Fast! Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                              • String ID: F$Fast! Setup
                                                                                                                                                                                                                                              • API String ID: 941294808-2757725660
                                                                                                                                                                                                                                              • Opcode ID: 9ef4e76bf49e76a01cd413a5d017736c2cab636d92d5aa9aaf47e7e990c9ee05
                                                                                                                                                                                                                                              • Instruction ID: 7d427dbe4d4bacd88da03279d54ab8fa369b0c74db3328ba00a5b4b95e7f032c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ef4e76bf49e76a01cd413a5d017736c2cab636d92d5aa9aaf47e7e990c9ee05
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B41AC71804249AFCB058F95CD459BFBFB9FF44314F00802AF961AA2A0C738EA50DFA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,00405684,?,00000000,000000F1,?), ref: 0040593C
                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32(?,0042C250,00000400), ref: 00405945
                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32(00000000,0042BCC8,00000400), ref: 00405962
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405980
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042BCC8,C0000000,00000004,0042BCC8,?,?,?,00000000,000000F1,?), ref: 004059BB
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059CA
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059E0
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8C8,00000000,-0000000A,00409404,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A26
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A38
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00405A3F
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A46
                                                                                                                                                                                                                                                • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                                • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                                                                              • String ID: %s=%s$[Rename]
                                                                                                                                                                                                                                              • API String ID: 3445103937-1727408572
                                                                                                                                                                                                                                              • Opcode ID: 5742fcf8e6d24369f73811d4e0a848200ec6767fcee875b956134d564270afd6
                                                                                                                                                                                                                                              • Instruction ID: f45ed1bdfbf8c4b03de67142e423a5701368854c8b403738f0f2c648216b24c4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5742fcf8e6d24369f73811d4e0a848200ec6767fcee875b956134d564270afd6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D741D471B05B157BD7206B619C89F6B3B5CDF85754F040136F905F62D2EA38E8018EAD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                              • CharNextA.USER32(?,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Setup (1).exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 589700163-850226759
                                                                                                                                                                                                                                              • Opcode ID: 3b5f3268fa1fae19e58d0ad2ced72642c676bfd811e2c7a6988a98807c9a22ca
                                                                                                                                                                                                                                              • Instruction ID: 8c0debaa59703488c7458a94fa91a8896e4240cf3d31b331365b77cfd974a1c9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b5f3268fa1fae19e58d0ad2ced72642c676bfd811e2c7a6988a98807c9a22ca
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E11B671804A912DEB3217289C44B777FC8CB66790F18447BD4D5723C2D67C5D428AAD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000EB), ref: 00403EE1
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00403EFD
                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00403F09
                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00403F15
                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00403F28
                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00403F38
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00403F52
                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00403F5C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                              • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                              • Instruction ID: 0d89a351d513fb24bb3d4bb4099581c898fc75933690e96f4850fc1bb23eeaf2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91214271904745ABCB219F78DD08B4B7FF8AF05715B048629F995A22E0D734E9048B65
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00009E00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 0040273B
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402754
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3294113728-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404777
                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 0040477F
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404799
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047AB
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047D1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B6C
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(0001F606,00000064,00022CC8), ref: 00402B97
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00402BA7
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402BB7
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BC9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • verifying installer: %d%%, xrefs: 00402BA1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402357
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402377
                                                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023B0
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402493
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp
                                                                                                                                                                                                                                              • API String ID: 1356686001-1805921855
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00000000,Fast! Setup), ref: 00403955
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Setup (1).exe"$1033$Fast! Setup$kI
                                                                                                                                                                                                                                              • API String ID: 530164218-3365299732
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405392
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004053A6
                                                                                                                                                                                                                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053BB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004053C5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                              • API String ID: 3449924974-2743851969
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                                                                              • CreateFontIndirectA.GDI32(0040B064), ref: 00401D8A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                                                                                                                                              • API String ID: 3272661963-76309092
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A6D
                                                                                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?), ref: 00401CC5
                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401CD2
                                                                                                                                                                                                                                              • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D10
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                              • Opcode ID: def8d1c1479795c1167aff6e03d0c5147865de771fccb6e49a981145c37fb96d
                                                                                                                                                                                                                                              • Instruction ID: 0b6a49845d72fa48a9a579b1019c06f6c105053db178aa5042bb0eadc5b1df39
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: def8d1c1479795c1167aff6e03d0c5147865de771fccb6e49a981145c37fb96d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF0EC72A04114AFEB00EBA4DD88DAFB77CFB44305B044536F501F6191C678AD419B79
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                              • Opcode ID: 25570fc33e6b197a104511908ae51b25733c0ff1131e090094a159b4d727c391
                                                                                                                                                                                                                                              • Instruction ID: cfc8e6c3a4af003209a53fcdfac8cba24e816d3e629d82a7997265ded69b8fd0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25570fc33e6b197a104511908ae51b25733c0ff1131e090094a159b4d727c391
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0112773A0412827EB0065699C45EAF3298DB86334F254637FE25F71D1E9799C1285EC
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00404E13
                                                                                                                                                                                                                                              • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E81
                                                                                                                                                                                                                                                • Part of subcall function 00403EA9: SendMessageA.USER32(00020406,00000000,00000000,00000000), ref: 00403EBB
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                              • String ID: $C:\Users\user\AppData\Local\Temp\nsw39B6.tmp
                                                                                                                                                                                                                                              • API String ID: 3748168415-2462663971
                                                                                                                                                                                                                                              • Opcode ID: 284444f2568d96eb5f499d391233f43a2f88d41ae364e0567807da02f849ec1b
                                                                                                                                                                                                                                              • Instruction ID: 765017f4a7fe1763b93213a0743e5224a7b8bf10e0e2635d7465f91e9f3f1348
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 284444f2568d96eb5f499d391233f43a2f88d41ae364e0567807da02f849ec1b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5116D71500218BFDF215F51DC81E9B7669BB84365F00803AFA08792A1C37C49518BEE
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 0040569A
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004056A3
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00409010), ref: 004056B4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405694
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 2659869361-297319885
                                                                                                                                                                                                                                              • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                                                                              • Instruction ID: 3169b85a74bfaa55460b422d3e3fbca7e168afda588c61a1877893bbaf19970e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25D0A972606A302EE20226158C05F8B3A28CF52301B0448A2F640B22D2C7BC7E818FFE
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharNextA.USER32(004054DA,?,C:\,00000000,0040578C,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharNext
                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                              • Opcode ID: 2a9caa78ea5ad24ed31709241e3ad5854e0d2865484118cf7a19592bf420cc00
                                                                                                                                                                                                                                              • Instruction ID: a054648e037d2dc9b414c06332908f1e3c0a092ae6d4a81e5674b26f1e0c7c07
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a9caa78ea5ad24ed31709241e3ad5854e0d2865484118cf7a19592bf420cc00
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2F02751E00B609AE73232740C44B2B579CEB54720F184433E101B71D087BC4C82AFAA
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,00402DB4,00000001), ref: 00402BE7
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C05
                                                                                                                                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C22
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402C30
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                                                                                                              • Opcode ID: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                              • Instruction ID: fe7f2a60441318f0c2a90f6d59b101c1e11520174a0dcb1e75ef42172c75ba50
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FF05470A0D121ABD6746F55FE8CD8B7BA4F744B017540576F000B11A4DA785882CFAD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000011), ref: 004024F2
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dll,00000000,?,?,00000000,00000011), ref: 00402511
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dll, xrefs: 004024E0, 00402505
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileWritelstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsq6D8B.tmp\INetC.dll
                                                                                                                                                                                                                                              • API String ID: 427699356-2934482683
                                                                                                                                                                                                                                              • Opcode ID: 55d5c31b05b367b2be7d260ca987d3fabb08ce9c2cd564eb144ff7a2d4973d57
                                                                                                                                                                                                                                              • Instruction ID: 4d0466e2475190dcbeea98c473c6ee3349c22a30d2c03acad583e8792e536618
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55d5c31b05b367b2be7d260ca987d3fabb08ce9c2cd564eb144ff7a2d4973d57
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FEF0E972A44244BFEB10FBB19E09EAB3668EB50309F14443BF142F51C2D6FC5541966E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0C8,Error launching installer), ref: 00405426
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405433
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00405414
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                              • Opcode ID: 0925aebfc32c6642fbbb941080814cd4d7ece6f22c8f43fc911f16656fd02ce2
                                                                                                                                                                                                                                              • Instruction ID: 8ba2d39aa234bef1b68f753dd4085f5a0355ab0b72bc814b33162f1b9dafcc5c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0925aebfc32c6642fbbb941080814cd4d7ece6f22c8f43fc911f16656fd02ce2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40E0E675A00209ABDB109FA4DC45A6F7B7CFF10305B404521E914F3151D774D5148A6D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CA4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Setup (1).exe,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 004056E1
                                                                                                                                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CA4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Setup (1).exe,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 004056EF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                              • API String ID: 2709904686-2743851969
                                                                                                                                                                                                                                              • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                                                              • Instruction ID: 3f11d7040b39dee88ccc87d096f3af91d58a3172f7b65643d8c2c66232cec6f3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADD0A76280ADB01EF30352108C04B8F7A58CF13300F0948A2E040A21D1C6B85C418FFD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040580D
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1888939103.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888900693.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1888991525.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889030283.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1889118475.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                              • Opcode ID: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                                                                                                                                                                                                              • Instruction ID: 9d1965df737bf6a3caf75c2c412474092f11d9bf319c7f7f540ae1764f3f27e9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69F0A737209D51ABD202AB255C04D6B7FA4EF91314B14447AF840F2280D779A925DBBB
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:30.3%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:5.6%
                                                                                                                                                                                                                                              Total number of Nodes:1350
                                                                                                                                                                                                                                              Total number of Limit Nodes:34
3216->3227 3217->3214 3218->3216 3221 40251f RegCloseKey 3219->3221 3221->3213 3224 402e51 3223->3224 3247 4063d8 3224->3247 3228 4032cd 3227->3228 3229 4032fb 3228->3229 3254 4034e5 SetFilePointer 3228->3254 3251 4034cf 3229->3251 3233 403468 3235 4034aa 3233->3235 3238 40346c 3233->3238 3234 403318 GetTickCount 3239 403452 3234->3239 3243 403367 3234->3243 3236 4034cf ReadFile 3235->3236 3236->3239 3237 4034cf ReadFile 3237->3243 3238->3239 3240 4034cf ReadFile 3238->3240 3241 4060df WriteFile 3238->3241 3239->3219 3240->3238 3241->3238 3242 4033bd GetTickCount 3242->3243 3243->3237 3243->3239 3243->3242 3244 4033e2 MulDiv wsprintfW 3243->3244 3246 4060df WriteFile 3243->3246 3245 40559f 24 API calls 3244->3245 3245->3243 3246->3243 3248 4063e7 3247->3248 3249 4063f2 RegCreateKeyExW 3248->3249 3250 4024b6 3248->3250 3249->3250 3250->3213 3250->3214 3250->3215 3252 4060b0 ReadFile 3251->3252 3253 403306 3252->3253 3253->3233 3253->3234 3253->3239 3254->3229 4184 40498a 4185 4049b6 4184->4185 4186 4049c7 4184->4186 4245 405b81 GetDlgItemTextW 4185->4245 4187 4049d3 GetDlgItem 4186->4187 4194 404a32 4186->4194 4190 4049e7 4187->4190 4189 4049c1 4192 4067c4 5 API calls 4189->4192 4193 4049fb SetWindowTextW 4190->4193 4197 405eb7 4 API calls 4190->4197 4191 404b16 4243 404cc5 4191->4243 4247 405b81 GetDlgItemTextW 4191->4247 4192->4186 4198 404499 18 API calls 4193->4198 4194->4191 4199 40657a 17 API calls 4194->4199 4194->4243 4196 404500 8 API calls 4201 404cd9 4196->4201 4202 4049f1 4197->4202 4203 404a17 4198->4203 4204 404aa6 SHBrowseForFolderW 4199->4204 4200 404b46 4205 405f14 18 API calls 4200->4205 4202->4193 4209 405e0c 3 API calls 4202->4209 4206 404499 18 API calls 4203->4206 4204->4191 4207 404abe CoTaskMemFree 4204->4207 4208 404b4c 4205->4208 4210 404a25 4206->4210 4211 405e0c 3 API calls 4207->4211 4248 40653d lstrcpynW 4208->4248 4209->4193 4246 4044ce SendMessageW 4210->4246 4213 404acb 4211->4213 4216 404b02 SetDlgItemTextW 4213->4216 4220 40657a 17 
API calls 4213->4220 4215 404a2b 4218 40690a 5 API calls 4215->4218 4216->4191 4217 404b63 4219 40690a 5 API calls 4217->4219 4218->4194 4231 404b6a 4219->4231 4221 404aea lstrcmpiW 4220->4221 4221->4216 4223 404afb lstrcatW 4221->4223 4222 404bab 4249 40653d lstrcpynW 4222->4249 4223->4216 4225 404bb2 4226 405eb7 4 API calls 4225->4226 4227 404bb8 GetDiskFreeSpaceW 4226->4227 4229 404bdc MulDiv 4227->4229 4233 404c03 4227->4233 4229->4233 4230 405e58 2 API calls 4230->4231 4231->4222 4231->4230 4231->4233 4232 404c74 4235 404c97 4232->4235 4237 40140b 2 API calls 4232->4237 4233->4232 4234 404e0f 20 API calls 4233->4234 4236 404c61 4234->4236 4250 4044bb KiUserCallbackDispatcher 4235->4250 4238 404c76 SetDlgItemTextW 4236->4238 4239 404c66 4236->4239 4237->4235 4238->4232 4241 404d46 20 API calls 4239->4241 4241->4232 4242 404cb3 4242->4243 4244 4048e3 SendMessageW 4242->4244 4243->4196 4244->4243 4245->4189 4246->4215 4247->4200 4248->4217 4249->4225 4250->4242 4251 40290b 4252 402da6 17 API calls 4251->4252 4253 402912 FindFirstFileW 4252->4253 4254 40293a 4253->4254 4257 402925 4253->4257 4259 406484 wsprintfW 4254->4259 4256 402943 4260 40653d lstrcpynW 4256->4260 4259->4256 4260->4257 4261 40190c 4262 401943 4261->4262 4263 402da6 17 API calls 4262->4263 4264 401948 4263->4264 4265 405c49 67 API calls 4264->4265 4266 401951 4265->4266 4267 40190f 4268 402da6 17 API calls 4267->4268 4269 401916 4268->4269 4270 405b9d MessageBoxIndirectW 4269->4270 4271 40191f 4270->4271 3612 402891 3613 402898 3612->3613 3614 402ba9 3612->3614 3615 402d84 17 API calls 3613->3615 3616 40289f 3615->3616 3617 4028ae SetFilePointer 3616->3617 3617->3614 3618 4028be 3617->3618 3620 406484 wsprintfW 3618->3620 3620->3614 4272 401491 4273 40559f 24 API calls 4272->4273 4274 401498 4273->4274 3621 403b12 3622 403b2a 3621->3622 3623 403b1c CloseHandle 3621->3623 3628 403b57 3622->3628 3623->3622 3626 405c49 67 API calls 3627 403b3b 3626->3627 3630 403b65 3628->3630 3629 403b2f 
3629->3626 3630->3629 3631 403b6a FreeLibrary GlobalFree 3630->3631 3631->3629 3631->3631 4275 401f12 4276 402da6 17 API calls 4275->4276 4277 401f18 4276->4277 4278 402da6 17 API calls 4277->4278 4279 401f21 4278->4279 4280 402da6 17 API calls 4279->4280 4281 401f2a 4280->4281 4282 402da6 17 API calls 4281->4282 4283 401f33 4282->4283 4284 401423 24 API calls 4283->4284 4285 401f3a 4284->4285 4292 405b63 ShellExecuteExW 4285->4292 4287 401f82 4288 40292e 4287->4288 4289 4069b5 5 API calls 4287->4289 4290 401f9f FindCloseChangeNotification 4289->4290 4290->4288 4292->4287 4293 405513 4294 405523 4293->4294 4295 405537 4293->4295 4296 405580 4294->4296 4297 405529 4294->4297 4298 40553f IsWindowVisible 4295->4298 4304 405556 4295->4304 4299 405585 CallWindowProcW 4296->4299 4300 4044e5 SendMessageW 4297->4300 4298->4296 4301 40554c 4298->4301 4302 405533 4299->4302 4300->4302 4303 404e54 5 API calls 4301->4303 4303->4304 4304->4299 4305 404ed4 4 API calls 4304->4305 4305->4296 4306 402f93 4307 402fa5 SetTimer 4306->4307 4308 402fbe 4306->4308 4307->4308 4309 403013 4308->4309 4310 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4308->4310 4310->4309 4311 401d17 4312 402d84 17 API calls 4311->4312 4313 401d1d IsWindow 4312->4313 4314 401a20 4313->4314 3663 403f9a 3664 403fb2 3663->3664 3665 404113 3663->3665 3664->3665 3666 403fbe 3664->3666 3667 404164 3665->3667 3668 404124 GetDlgItem GetDlgItem 3665->3668 3670 403fc9 SetWindowPos 3666->3670 3671 403fdc 3666->3671 3669 4041be 3667->3669 3680 401389 2 API calls 3667->3680 3672 404499 18 API calls 3668->3672 3673 4044e5 SendMessageW 3669->3673 3681 40410e 3669->3681 3670->3671 3674 403fe5 ShowWindow 3671->3674 3675 404027 3671->3675 3676 40414e SetClassLongW 3672->3676 3703 4041d0 3673->3703 3682 404100 3674->3682 3683 404005 GetWindowLongW 3674->3683 3677 404046 3675->3677 3678 40402f DestroyWindow 3675->3678 3679 40140b 2 API calls 3676->3679 3685 40404b SetWindowLongW 3677->3685 3686 40405c 3677->3686 3684 
404422 3678->3684 3679->3667 3687 404196 3680->3687 3745 404500 3682->3745 3683->3682 3689 40401e ShowWindow 3683->3689 3684->3681 3696 404453 ShowWindow 3684->3696 3685->3681 3686->3682 3690 404068 GetDlgItem 3686->3690 3687->3669 3691 40419a SendMessageW 3687->3691 3689->3675 3694 404096 3690->3694 3695 404079 SendMessageW IsWindowEnabled 3690->3695 3691->3681 3692 40140b 2 API calls 3692->3703 3693 404424 DestroyWindow KiUserCallbackDispatcher 3693->3684 3698 4040a3 3694->3698 3700 4040ea SendMessageW 3694->3700 3701 4040b6 3694->3701 3710 40409b 3694->3710 3695->3681 3695->3694 3696->3681 3697 40657a 17 API calls 3697->3703 3698->3700 3698->3710 3700->3682 3704 4040d3 3701->3704 3705 4040be 3701->3705 3702 4040d1 3702->3682 3703->3681 3703->3692 3703->3693 3703->3697 3706 404499 18 API calls 3703->3706 3727 404364 DestroyWindow 3703->3727 3736 404499 3703->3736 3707 40140b 2 API calls 3704->3707 3708 40140b 2 API calls 3705->3708 3706->3703 3709 4040da 3707->3709 3708->3710 3709->3682 3709->3710 3742 404472 3710->3742 3712 40424b GetDlgItem 3713 404260 3712->3713 3714 404268 ShowWindow KiUserCallbackDispatcher 3712->3714 3713->3714 3739 4044bb KiUserCallbackDispatcher 3714->3739 3716 404292 EnableWindow 3721 4042a6 3716->3721 3717 4042ab GetSystemMenu EnableMenuItem SendMessageW 3718 4042db SendMessageW 3717->3718 3717->3721 3718->3721 3720 403f7b 18 API calls 3720->3721 3721->3717 3721->3720 3740 4044ce SendMessageW 3721->3740 3741 40653d lstrcpynW 3721->3741 3723 40430a lstrlenW 3724 40657a 17 API calls 3723->3724 3725 404320 SetWindowTextW 3724->3725 3726 401389 2 API calls 3725->3726 3726->3703 3727->3684 3728 40437e CreateDialogParamW 3727->3728 3728->3684 3729 4043b1 3728->3729 3730 404499 18 API calls 3729->3730 3731 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3730->3731 3732 401389 2 API calls 3731->3732 3733 404402 3732->3733 3733->3681 3734 40440a ShowWindow 3733->3734 3735 4044e5 SendMessageW 3734->3735 3735->3684 3737 40657a 17 API 
calls 3736->3737 3738 4044a4 SetDlgItemTextW 3737->3738 3738->3712 3739->3716 3740->3721 3741->3723 3743 404479 3742->3743 3744 40447f SendMessageW 3742->3744 3743->3744 3744->3702 3746 4045c3 3745->3746 3747 404518 GetWindowLongW 3745->3747 3746->3681 3747->3746 3748 40452d 3747->3748 3748->3746 3749 40455a GetSysColor 3748->3749 3750 40455d 3748->3750 3749->3750 3751 404563 SetTextColor 3750->3751 3752 40456d SetBkMode 3750->3752 3751->3752 3753 404585 GetSysColor 3752->3753 3754 40458b 3752->3754 3753->3754 3755 404592 SetBkColor 3754->3755 3756 40459c 3754->3756 3755->3756 3756->3746 3757 4045b6 CreateBrushIndirect 3756->3757 3758 4045af DeleteObject 3756->3758 3757->3746 3758->3757 3759 401b9b 3760 401ba8 3759->3760 3761 401bec 3759->3761 3766 401c31 3760->3766 3767 401bbf 3760->3767 3762 401bf1 3761->3762 3763 401c16 GlobalAlloc 3761->3763 3768 40239d 3762->3768 3780 40653d lstrcpynW 3762->3780 3764 40657a 17 API calls 3763->3764 3764->3766 3765 40657a 17 API calls 3769 402397 3765->3769 3766->3765 3766->3768 3778 40653d lstrcpynW 3767->3778 3774 405b9d MessageBoxIndirectW 3769->3774 3772 401c03 GlobalFree 3772->3768 3773 401bce 3779 40653d lstrcpynW 3773->3779 3774->3768 3776 401bdd 3781 40653d lstrcpynW 3776->3781 3778->3773 3779->3776 3780->3772 3781->3768 4315 40261c 4316 402da6 17 API calls 4315->4316 4317 402623 4316->4317 4320 40602d GetFileAttributesW CreateFileW 4317->4320 4319 40262f 4320->4319 4321 40149e 4322 4014ac PostQuitMessage 4321->4322 4323 40239d 4321->4323 4322->4323 4324 40259e 4334 402de6 4324->4334 4327 402d84 17 API calls 4328 4025b1 4327->4328 4329 4025d9 RegEnumValueW 4328->4329 4330 4025cd RegEnumKeyW 4328->4330 4332 40292e 4328->4332 4331 4025ee RegCloseKey 4329->4331 4330->4331 4331->4332 4335 402da6 17 API calls 4334->4335 4336 402dfd 4335->4336 4337 4063aa RegOpenKeyExW 4336->4337 4338 4025a8 4337->4338 4338->4327 4339 4015a3 4340 402da6 17 API calls 4339->4340 4341 4015aa SetFileAttributesW 4340->4341 4342 4015bc 4341->4342 
3180 401fa4 3181 402da6 17 API calls 3180->3181 3182 401faa 3181->3182 3183 40559f 24 API calls 3182->3183 3184 401fb4 3183->3184 3193 405b20 CreateProcessW 3184->3193 3187 40292e 3190 401fcf 3191 401fdd FindCloseChangeNotification 3190->3191 3201 406484 wsprintfW 3190->3201 3191->3187 3194 405b53 CloseHandle 3193->3194 3195 401fba 3193->3195 3194->3195 3195->3187 3195->3191 3196 4069b5 WaitForSingleObject 3195->3196 3197 4069cf 3196->3197 3198 4069e1 GetExitCodeProcess 3197->3198 3202 406946 3197->3202 3198->3190 3201->3191 3203 406963 PeekMessageW 3202->3203 3204 406973 WaitForSingleObject 3203->3204 3205 406959 DispatchMessageW 3203->3205 3204->3197 3205->3203 3255 4021aa 3256 402da6 17 API calls 3255->3256 3257 4021b1 3256->3257 3258 402da6 17 API calls 3257->3258 3259 4021bb 3258->3259 3260 402da6 17 API calls 3259->3260 3261 4021c5 3260->3261 3262 402da6 17 API calls 3261->3262 3263 4021cf 3262->3263 3264 402da6 17 API calls 3263->3264 3265 4021d9 3264->3265 3266 402218 CoCreateInstance 3265->3266 3267 402da6 17 API calls 3265->3267 3270 402237 3266->3270 3267->3266 3268 401423 24 API calls 3269 4022f6 3268->3269 3270->3268 3270->3269 4343 40202a 4344 402da6 17 API calls 4343->4344 4345 402031 4344->4345 4346 40690a 5 API calls 4345->4346 4347 402040 4346->4347 4348 4020cc 4347->4348 4349 40205c GlobalAlloc 4347->4349 4349->4348 4350 402070 4349->4350 4351 40690a 5 API calls 4350->4351 4352 402077 4351->4352 4353 40690a 5 API calls 4352->4353 4354 402081 4353->4354 4354->4348 4358 406484 wsprintfW 4354->4358 4356 4020ba 4359 406484 wsprintfW 4356->4359 4358->4356 4359->4348 4360 40252a 4361 402de6 17 API calls 4360->4361 4362 402534 4361->4362 4363 402da6 17 API calls 4362->4363 4364 40253d 4363->4364 4365 402548 RegQueryValueExW 4364->4365 4366 40292e 4364->4366 4367 402568 4365->4367 4370 40256e RegCloseKey 4365->4370 4367->4370 4371 406484 wsprintfW 4367->4371 4370->4366 4371->4370 4372 403baa 4373 403bb5 4372->4373 4374 403bb9 4373->4374 4375 403bbc 
GlobalAlloc 4373->4375 4375->4374 3295 40352d SetErrorMode GetVersionExW 3296 4035b7 3295->3296 3297 40357f GetVersionExW 3295->3297 3298 403610 3296->3298 3299 40690a 5 API calls 3296->3299 3297->3296 3300 40689a 3 API calls 3298->3300 3299->3298 3301 403626 lstrlenA 3300->3301 3301->3298 3302 403636 3301->3302 3303 40690a 5 API calls 3302->3303 3304 40363d 3303->3304 3305 40690a 5 API calls 3304->3305 3306 403644 3305->3306 3307 40690a 5 API calls 3306->3307 3311 403650 #17 OleInitialize SHGetFileInfoW 3307->3311 3310 40369d GetCommandLineW 3386 40653d lstrcpynW 3310->3386 3385 40653d lstrcpynW 3311->3385 3313 4036af 3314 405e39 CharNextW 3313->3314 3315 4036d5 CharNextW 3314->3315 3327 4036e6 3315->3327 3316 4037e4 3317 4037f8 GetTempPathW 3316->3317 3387 4034fc 3317->3387 3319 403810 3321 403814 GetWindowsDirectoryW lstrcatW 3319->3321 3322 40386a DeleteFileW 3319->3322 3320 405e39 CharNextW 3320->3327 3323 4034fc 12 API calls 3321->3323 3397 40307d GetTickCount GetModuleFileNameW 3322->3397 3325 403830 3323->3325 3325->3322 3328 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3325->3328 3326 40387d 3330 403a59 ExitProcess OleUninitialize 3326->3330 3332 403932 3326->3332 3340 405e39 CharNextW 3326->3340 3327->3316 3327->3320 3329 4037e6 3327->3329 3331 4034fc 12 API calls 3328->3331 3481 40653d lstrcpynW 3329->3481 3334 403a69 3330->3334 3335 403a7e 3330->3335 3339 403862 3331->3339 3425 403bec 3332->3425 3486 405b9d 3334->3486 3337 403a86 GetCurrentProcess OpenProcessToken 3335->3337 3338 403afc ExitProcess 3335->3338 3343 403acc 3337->3343 3344 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3337->3344 3339->3322 3339->3330 3354 40389f 3340->3354 3347 40690a 5 API calls 3343->3347 3344->3343 3345 403941 3345->3330 3350 403ad3 3347->3350 3348 403908 3351 405f14 18 API calls 3348->3351 3349 403949 3353 405b08 5 API calls 3349->3353 3352 403ae8 ExitWindowsEx 3350->3352 3356 403af5 3350->3356 3355 403914 3351->3355 3352->3338 
3352->3356 3357 40394e lstrcatW 3353->3357 3354->3348 3354->3349 3355->3330 3482 40653d lstrcpynW 3355->3482 3490 40140b 3356->3490 3358 40396a lstrcatW lstrcmpiW 3357->3358 3359 40395f lstrcatW 3357->3359 3358->3345 3361 40398a 3358->3361 3359->3358 3363 403996 3361->3363 3364 40398f 3361->3364 3367 405aeb 2 API calls 3363->3367 3366 405a6e 4 API calls 3364->3366 3365 403927 3483 40653d lstrcpynW 3365->3483 3369 403994 3366->3369 3370 40399b SetCurrentDirectoryW 3367->3370 3369->3370 3371 4039b8 3370->3371 3372 4039ad 3370->3372 3485 40653d lstrcpynW 3371->3485 3484 40653d lstrcpynW 3372->3484 3375 40657a 17 API calls 3376 4039fa DeleteFileW 3375->3376 3377 403a06 CopyFileW 3376->3377 3382 4039c5 3376->3382 3377->3382 3378 403a50 3380 4062fd 36 API calls 3378->3380 3379 4062fd 36 API calls 3379->3382 3380->3345 3381 40657a 17 API calls 3381->3382 3382->3375 3382->3378 3382->3379 3382->3381 3383 405b20 2 API calls 3382->3383 3384 403a3a CloseHandle 3382->3384 3383->3382 3384->3382 3385->3310 3386->3313 3388 4067c4 5 API calls 3387->3388 3390 403508 3388->3390 3389 403512 3389->3319 3390->3389 3391 405e0c 3 API calls 3390->3391 3392 40351a 3391->3392 3393 405aeb 2 API calls 3392->3393 3394 403520 3393->3394 3493 40605c 3394->3493 3497 40602d GetFileAttributesW CreateFileW 3397->3497 3399 4030bd 3417 4030cd 3399->3417 3498 40653d lstrcpynW 3399->3498 3401 4030e3 3402 405e58 2 API calls 3401->3402 3403 4030e9 3402->3403 3499 40653d lstrcpynW 3403->3499 3405 4030f4 GetFileSize 3406 4031ee 3405->3406 3424 40310b 3405->3424 3500 403019 3406->3500 3408 4031f7 3410 403227 GlobalAlloc 3408->3410 3408->3417 3512 4034e5 SetFilePointer 3408->3512 3409 4034cf ReadFile 3409->3424 3511 4034e5 SetFilePointer 3410->3511 3412 40325a 3414 403019 6 API calls 3412->3414 3414->3417 3415 403210 3418 4034cf ReadFile 3415->3418 3416 403242 3419 4032b4 31 API calls 3416->3419 3417->3326 3420 40321b 3418->3420 3422 40324e 3419->3422 3420->3410 3420->3417 3421 403019 6 API calls 3421->3424 
3422->3417 3422->3422 3423 40328b SetFilePointer 3422->3423 3423->3417 3424->3406 3424->3409 3424->3412 3424->3417 3424->3421 3426 40690a 5 API calls 3425->3426 3427 403c00 3426->3427 3428 403c06 3427->3428 3429 403c18 3427->3429 3528 406484 wsprintfW 3428->3528 3430 40640b 3 API calls 3429->3430 3431 403c48 3430->3431 3433 403c67 lstrcatW 3431->3433 3435 40640b 3 API calls 3431->3435 3434 403c16 3433->3434 3513 403ec2 3434->3513 3435->3433 3438 405f14 18 API calls 3439 403c99 3438->3439 3440 403d2d 3439->3440 3442 40640b 3 API calls 3439->3442 3441 405f14 18 API calls 3440->3441 3443 403d33 3441->3443 3444 403ccb 3442->3444 3445 403d43 LoadImageW 3443->3445 3446 40657a 17 API calls 3443->3446 3444->3440 3449 403cec lstrlenW 3444->3449 3452 405e39 CharNextW 3444->3452 3447 403de9 3445->3447 3448 403d6a RegisterClassW 3445->3448 3446->3445 3451 40140b 2 API calls 3447->3451 3450 403da0 SystemParametersInfoW CreateWindowExW 3448->3450 3480 403df3 3448->3480 3453 403d20 3449->3453 3454 403cfa lstrcmpiW 3449->3454 3450->3447 3458 403def 3451->3458 3456 403ce9 3452->3456 3455 405e0c 3 API calls 3453->3455 3454->3453 3457 403d0a GetFileAttributesW 3454->3457 3460 403d26 3455->3460 3456->3449 3461 403d16 3457->3461 3459 403ec2 18 API calls 3458->3459 3458->3480 3462 403e00 3459->3462 3529 40653d lstrcpynW 3460->3529 3461->3453 3464 405e58 2 API calls 3461->3464 3465 403e0c ShowWindow 3462->3465 3466 403e8f 3462->3466 3464->3453 3468 40689a 3 API calls 3465->3468 3521 405672 OleInitialize 3466->3521 3470 403e24 3468->3470 3469 403e95 3471 403eb1 3469->3471 3472 403e99 3469->3472 3473 403e32 GetClassInfoW 3470->3473 3475 40689a 3 API calls 3470->3475 3474 40140b 2 API calls 3471->3474 3478 40140b 2 API calls 3472->3478 3472->3480 3476 403e46 GetClassInfoW RegisterClassW 3473->3476 3477 403e5c DialogBoxParamW 3473->3477 3474->3480 3475->3473 3476->3477 3479 40140b 2 API calls 3477->3479 3478->3480 3479->3480 3480->3345 3481->3317 3482->3365 3483->3332 3484->3371 3485->3382 
3487 405bb2 3486->3487 3488 403a76 ExitProcess 3487->3488 3489 405bc6 MessageBoxIndirectW 3487->3489 3489->3488 3491 401389 2 API calls 3490->3491 3492 401420 3491->3492 3492->3338 3494 406069 GetTickCount GetTempFileNameW 3493->3494 3495 40352b 3494->3495 3496 40609f 3494->3496 3495->3319 3496->3494 3496->3495 3497->3399 3498->3401 3499->3405 3501 403022 3500->3501 3502 40303a 3500->3502 3503 403032 3501->3503 3504 40302b DestroyWindow 3501->3504 3505 403042 3502->3505 3506 40304a GetTickCount 3502->3506 3503->3408 3504->3503 3507 406946 2 API calls 3505->3507 3508 403058 CreateDialogParamW ShowWindow 3506->3508 3509 40307b 3506->3509 3510 403048 3507->3510 3508->3509 3509->3408 3510->3408 3511->3416 3512->3415 3514 403ed6 3513->3514 3530 406484 wsprintfW 3514->3530 3516 403f47 3531 403f7b 3516->3531 3518 403c77 3518->3438 3519 403f4c 3519->3518 3520 40657a 17 API calls 3519->3520 3520->3519 3534 4044e5 3521->3534 3523 4056bc 3524 4044e5 SendMessageW 3523->3524 3526 4056ce OleUninitialize 3524->3526 3525 405695 3525->3523 3537 401389 3525->3537 3526->3469 3528->3434 3529->3440 3530->3516 3532 40657a 17 API calls 3531->3532 3533 403f89 SetWindowTextW 3532->3533 3533->3519 3535 4044fd 3534->3535 3536 4044ee SendMessageW 3534->3536 3535->3525 3536->3535 3539 401390 3537->3539 3538 4013fe 3538->3525 3539->3538 3540 4013cb MulDiv SendMessageW 3539->3540 3540->3539 4376 401a30 4377 402da6 17 API calls 4376->4377 4378 401a39 ExpandEnvironmentStringsW 4377->4378 4379 401a4d 4378->4379 4381 401a60 4378->4381 4380 401a52 lstrcmpW 4379->4380 4379->4381 4380->4381 4387 4023b2 4388 4023c0 4387->4388 4389 4023ba 4387->4389 4391 4023ce 4388->4391 4392 402da6 17 API calls 4388->4392 4390 402da6 17 API calls 4389->4390 4390->4388 4393 402da6 17 API calls 4391->4393 4395 4023dc 4391->4395 4392->4391 4393->4395 4394 402da6 17 API calls 4396 4023e5 WritePrivateProfileStringW 4394->4396 4395->4394 4397 402434 4398 402467 4397->4398 4399 40243c 4397->4399 4400 402da6 17 API calls 
4398->4400 4401 402de6 17 API calls 4399->4401 4402 40246e 4400->4402 4403 402443 4401->4403 4408 402e64 4402->4408 4405 402da6 17 API calls 4403->4405 4406 40247b 4403->4406 4407 402454 RegDeleteValueW RegCloseKey 4405->4407 4407->4406 4409 402e71 4408->4409 4410 402e78 4408->4410 4409->4406 4410->4409 4412 402ea9 4410->4412 4413 4063aa RegOpenKeyExW 4412->4413 4414 402ed7 4413->4414 4415 402ee7 RegEnumValueW 4414->4415 4416 402f0a 4414->4416 4423 402f81 4414->4423 4415->4416 4417 402f71 RegCloseKey 4415->4417 4416->4417 4418 402f46 RegEnumKeyW 4416->4418 4419 402f4f RegCloseKey 4416->4419 4422 402ea9 6 API calls 4416->4422 4417->4423 4418->4416 4418->4419 4420 40690a 5 API calls 4419->4420 4421 402f5f 4420->4421 4421->4423 4424 402f63 RegDeleteKeyW 4421->4424 4422->4416 4423->4409 4424->4423 4425 401735 4426 402da6 17 API calls 4425->4426 4427 40173c SearchPathW 4426->4427 4428 401757 4427->4428 4429 401d38 4430 402d84 17 API calls 4429->4430 4431 401d3f 4430->4431 4432 402d84 17 API calls 4431->4432 4433 401d4b GetDlgItem 4432->4433 4434 402638 4433->4434 4435 4014b8 4436 4014be 4435->4436 4437 401389 2 API calls 4436->4437 4438 4014c6 4437->4438 4439 40263e 4440 402652 4439->4440 4441 40266d 4439->4441 4442 402d84 17 API calls 4440->4442 4443 402672 4441->4443 4444 40269d 4441->4444 4451 402659 4442->4451 4445 402da6 17 API calls 4443->4445 4446 402da6 17 API calls 4444->4446 4448 402679 4445->4448 4447 4026a4 lstrlenW 4446->4447 4447->4451 4456 40655f WideCharToMultiByte 4448->4456 4450 40268d lstrlenA 4450->4451 4452 4026d1 4451->4452 4453 4026e7 4451->4453 4455 40610e 5 API calls 4451->4455 4452->4453 4454 4060df WriteFile 4452->4454 4454->4453 4455->4452 4456->4450

Control-flow Graph
APIs
• SetErrorMode.KERNEL32(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,"C:\Users\user\AppData\Local\Temp\SetupEngine.exe" ,00000020,"C:\Users\user\AppData\Local\Temp\SetupEngine.exe" ,00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(1033), ref: 0040386F
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                                                                                                • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\SetupEngine.exe" ,00000000,?), ref: 0040397C
                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\SetupEngine.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                                                                                                                                              • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" $&dsk_iosec=59478&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=101&os_archi$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupEngine.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                              • API String ID: 2292928366-3366010988
                                                                                                                                                                                                                                              • Opcode ID: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                                                                              • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nshBC38.tmp\*.*,\*.*), ref: 00405CBA
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshBC38.tmp\*.*,?,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nshBC38.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshBC38.tmp\*.*,?,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                              • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nshBC38.tmp\*.*$\*.*
                                                                                                                                                                                                                                              • API String ID: 2035342205-4167578808
                                                                                                                                                                                                                                              • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                              • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(76F93420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,76F93420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F93420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                              • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                              • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                              • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 141 4056de-4056f9 142 405888-40588f 141->142 143 4056ff-4057c6 GetDlgItem * 3 call 4044ce call 404e27 GetClientRect GetSystemMetrics SendMessageW * 2 141->143 145 405891-4058b3 GetDlgItem CreateThread CloseHandle 142->145 146 4058b9-4058c6 142->146 165 4057e4-4057e7 143->165 166 4057c8-4057e2 SendMessageW * 2 143->166 145->146 148 4058e4-4058ee 146->148 149 4058c8-4058ce 146->149 150 4058f0-4058f6 148->150 151 405944-405948 148->151 153 4058d0-4058df ShowWindow * 2 call 4044ce 149->153 154 405909-405912 call 404500 149->154 155 4058f8-405904 call 404472 150->155 156 40591e-40592e ShowWindow 150->156 151->154 159 40594a-405950 151->159 153->148 162 405917-40591b 154->162 155->154 163 405930-405939 call 40559f 156->163 164 40593e-40593f call 404472 156->164 159->154 167 405952-405965 SendMessageW 159->167 163->164 164->151 170 4057f7-40580e call 404499 165->170 171 4057e9-4057f5 SendMessageW 165->171 166->165 172 405a67-405a69 167->172 173 40596b-405996 CreatePopupMenu call 40657a AppendMenuW 167->173 180 405810-405824 ShowWindow 170->180 181 405844-405865 GetDlgItem SendMessageW 170->181 171->170 172->162 178 405998-4059a8 GetWindowRect 173->178 179 4059ab-4059c0 TrackPopupMenu 173->179 178->179 179->172 182 4059c6-4059dd 179->182 183 405833 180->183 184 405826-405831 ShowWindow 180->184 181->172 185 40586b-405883 SendMessageW * 2 181->185 186 4059e2-4059fd SendMessageW 182->186 187 405839-40583f call 4044ce 183->187 184->187 185->172 186->186 188 4059ff-405a22 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 186->188 187->181 190 405a24-405a4b SendMessageW 188->190 190->190 191 405a4d-405a61 GlobalUnlock SetClipboardData CloseClipboard 190->191 191->172
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                                                • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                                              • ShowWindow.USER32(0001047A,00000008), ref: 004058DC
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                              • String ID: {
                                                                                                                                                                                                                                              • API String ID: 590372296-366298937
                                                                                                                                                                                                                                              • Opcode ID: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                                                                                                                                                                                              • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 121052019-0
                                                                                                                                                                                                                                              • Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                                                                              • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                                • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76F93420), ref: 00403CED
                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403D54
                                                                                                                                                                                                                                                • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                              • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                                              • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                              • API String ID: 1975747703-3846144634
                                                                                                                                                                                                                                              • Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                                                                              • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                                                • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupEngine.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                                              • API String ID: 2803837635-1248758002
                                                                                                                                                                                                                                              • Opcode ID: 1dea39ccc6c39406b0d997d68cfd0a58dedaebe218e2b7937ece93c5b698421c
                                                                                                                                                                                                                                              • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dea39ccc6c39406b0d997d68cfd0a58dedaebe218e2b7937ece93c5b698421c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,00000000,0042528A,76F923A0), ref: 004066A8
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                              • String ID: *B$ A$ A$... %d%%$}8@
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Program Files (x86)\Fast!\Fast!.exe","C:\Program Files (x86)\Fast!\Fast!.exe",00000000,00000000,"C:\Program Files (x86)\Fast!\Fast!.exe",C:\Program Files (x86)\Fast!,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\Fast!\Fast!.exe"$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nshBC38.tmp$C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dll
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                              • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\), ref: 0040560C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                              • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\
                                                                                                                                                                                                                                              • API String ID: 1495540970-2617110111
                                                                                                                                                                                                                                              • Opcode ID: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                                              • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 710 402c33-402c39 708->710 711 402714 709->711 712 402717-40271a 709->712 711->712 713 402720-40272f call 40649d 712->713 714 40287e-402886 712->714 713->714 718 402735 713->718 714->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 723 4027d9-4027dc 720->723 724 4027ef-4027ff call 4060b0 720->724 721->714 722 402766-40276b 721->722 722->714 726 402771-40277f 722->726 723->724 727 4027de-4027e9 call 40610e 723->727 724->714 733 402801 724->733 730 402785-402797 MultiByteToWideChar 726->730 731 40283a-402846 call 406484 726->731 727->714 727->724 730->733 734 402799-40279c 730->734 731->710 736 402804-402807 733->736 737 40279e-4027a9 734->737 736->731 739 402809-40280e 736->739 737->736 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 737->740 741 402810-402815 739->741 742 40284b-40284f 739->742 740->737 743 4027d2 740->743 741->742 746 402817-40282a 741->746 744 402851-402855 742->744 745 40286c-402878 SetFilePointer 742->745 743->733 747 402857-40285b 744->747 748 40285d-40286a 744->748 745->714 746->714 749 40282c-402832 746->749 747->745 747->748 748->714 749->719 750 402838 749->750 750->714
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                                • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                              • String ID: 9
                                                                                                                                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                              • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                              • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: function at 402950 (figure omitted)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: function at 405a6e (figure omitted)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 3449924974-297319885
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: function at 401c43 (figure omitted)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                              • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                              • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nshBC38.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                              • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nshBC38.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nshBC38.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nshBC38.tmp
                                                                                                                                                                                                                                              • API String ID: 2655323295-1608479580
                                                                                                                                                                                                                                              • Opcode ID: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                                                                              • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,76F93420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,76F93420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,76F93420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F93420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                              • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 3248276644-263117582
                                                                                                                                                                                                                                              • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                              • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                                              • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                              • API String ID: 1716503409-2113348990
                                                                                                                                                                                                                                              • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                                              • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,76F93420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\Fast!,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 00401640
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 1892508949-1788482285
                                                                                                                                                                                                                                              • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                                              • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                                                • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                                                                              • String ID: @$C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 4215836453-1939985250
                                                                                                                                                                                                                                              • Opcode ID: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                                                                                                                                                                                              • Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\), ref: 0040645C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                                                                                                                              • String ID: Remove folder:
                                                                                                                                                                                                                                              • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                                              • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,76F93420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 1100898210-297319885
                                                                                                                                                                                                                                              • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                              • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 334405425-0
                                                                                                                                                                                                                                              • Opcode ID: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                                                                              • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(008471E8), ref: 00401C0B
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\Fast!\Fast!.exe"
                                                                                                                                                                                                                                              • API String ID: 3292104215-3718641704
                                                                                                                                                                                                                                              • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                                              • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                                • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1655745494-0
                                                                                                                                                                                                                                              • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                              • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069DB
                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2567322000-0
                                                                                                                                                                                                                                              • Opcode ID: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                                                                                                                                                                                              • Instruction ID: f5f2e02d25af80b97bb350a16654da7f97250589dc800b1049f4071f8343982b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CE0D8B1A00118FBDB109F54DE05E9E7B6EDF44750F110033FA01B6590D7B19E25DB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 00402269
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 542301482-1788482285
                                                                                                                                                                                                                                              • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                                              • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                              • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                              • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$EnableShow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1136574915-0
                                                                                                                                                                                                                                              • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                                              • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3712363035-0
                                                                                                                                                                                                                                              • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                                              • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                                • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                                • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                                • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                                                              • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                                              • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                              • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                              • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                              • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nshBC38.tmp\, xrefs: 00403B31
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\
                                                                                                                                                                                                                                              • API String ID: 2962429428-3529322750
                                                                                                                                                                                                                                              • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                                                                              • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                              • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                              • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000,0042528A,76F923A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                                                • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                                • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1543427666-0
                                                                                                                                                                                                                                              • Opcode ID: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                                                                                                                                                                                              • Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                                                                                                                                                • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 327478801-0
                                                                                                                                                                                                                                              • Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                                              • Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Create
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                                                                                              • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                              • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                              • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                              • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Open
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                                                                                                              • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                              • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 281422827-0
                                                                                                                                                                                                                                              • Opcode ID: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                                                                              • Instruction ID: 6ac98b26730712a62f5b3967fa7f39b4c61dbbfa6ef1674fce18da22a1fc1fc0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3C08C35008200BFD641A714EC42F0FB7A8FFA031AF00C42EB05CA10D1C63494208A2A
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(00010472,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                              • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                                              • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExecuteShell
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 587946157-0
                                                                                                                                                                                                                                              • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                                              • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                              • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                              • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                                                                                              • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                              • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                                                                              • Opcode ID: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                                              • Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                                              • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                                                • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                              • String ID: N$Remove folder:
                                                                                                                                                                                                                                              • API String ID: 3103080414-3051863454
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                                                • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                                                • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                                • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                                • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                                • Part of subcall function 004067C4: CharPrevW.USER32(?,?,76F93420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                                                • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                                • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                                • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: A$C:\Program Files (x86)\Fast!$Remove folder:
                                                                                                                                                                                                                                              • API String ID: 2624150263-1220325781
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                                                • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                                • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                                                • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                              • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                              • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                              • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                              • CharNextW.USER32(?,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                              • CharPrevW.USER32(?,?,76F93420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 589700163-3250253040
                                                                                                                                                                                                                                              • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                              • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                              • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nshBC38.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                                                                                                                                              • API String ID: 2584051700-76309092
                                                                                                                                                                                                                                              • Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                                              • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(0030CC0B,00000064,0030F578), ref: 00402FDC
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                              • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                                              • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1354259210-0
                                                                                                                                                                                                                                              • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                                                                              • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                              • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                              • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                              • Opcode ID: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                                                                              • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,76F93420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F93420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                              • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                              • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharNext
                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                              • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                              • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 2659869361-297319885
                                                                                                                                                                                                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                              • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dll), ref: 00402695
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nshBC38.tmp$C:\Users\user\AppData\Local\Temp\nshBC38.tmp\inetc.dll
                                                                                                                                                                                                                                              • API String ID: 1659193697-4196625076
                                                                                                                                                                                                                                              • Opcode ID: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                                                                              • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                                                                                                              • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                              • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                                                • Part of subcall function 004044E5: SendMessageW.USER32(00010472,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,004030E9,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,004030E9,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00405E58
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                              • API String ID: 2709904686-3067928993
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000008.00000002.1877516752.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:8.2%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:6.3%
                                                                                                                                                                                                                                              Total number of Nodes:1911
                                                                                                                                                                                                                                              Total number of Limit Nodes:11
6176 2bece6 6174->6176 6179 2becbf 6174->6179 6175->6171 6177 2bc465 2 API calls 6176->6177 6178 2beceb 6177->6178 6180 2becf1 5 API calls 6179->6180 6180->6175 6181->6121 6182->6123 6184 2c0009 __EH_prolog3_GS 6183->6184 6264 2c086d 6184->6264 6187 2ba1b9 2 API calls 6189 2c0466 6187->6189 6188 2c0072 6282 2c0a54 6188->6282 6192 2cd100 4 API calls 6189->6192 6191 2bc26e memcpy 6194 2c004b 6191->6194 6195 2c046d 6192->6195 6196 2c0062 6194->6196 6197 2ba205 memcpy 6194->6197 6195->6129 6198 2ba1b9 2 API calls 6196->6198 6197->6196 6198->6188 6201 2c0a84 12 API calls 6202 2c00d3 6201->6202 6203 2c09aa 12 API calls 6202->6203 6246 2c0430 6202->6246 6204 2c00f7 6203->6204 6205 2c0a84 12 API calls 6204->6205 6204->6246 6206 2c0121 6205->6206 6207 2c0a84 12 API calls 6206->6207 6206->6246 6208 2c0148 6207->6208 6209 2c0a84 12 API calls 6208->6209 6208->6246 6210 2c016f 6209->6210 6211 2c0a84 12 API calls 6210->6211 6210->6246 6212 2c0196 6211->6212 6213 2c0a54 12 API calls 6212->6213 6212->6246 6214 2c01bd 6213->6214 6215 2c09aa 12 API calls 6214->6215 6214->6246 6216 2c01e1 6215->6216 6217 2c0a84 12 API calls 6216->6217 6216->6246 6218 2c0211 6217->6218 6219 2c0a84 12 API calls 6218->6219 6218->6246 6220 2c023c 6219->6220 6221 2c0a84 12 API calls 6220->6221 6220->6246 6222 2c0269 6221->6222 6223 2c0a84 12 API calls 6222->6223 6222->6246 6224 2c0294 6223->6224 6224->6246 6296 2bfe7d 6224->6296 6227 2c0a54 12 API calls 6228 2c02d0 6227->6228 6229 2c0a54 12 API calls 6228->6229 6228->6246 6230 2c02f8 6229->6230 6231 2c0a54 12 API calls 6230->6231 6230->6246 6232 2c0323 6231->6232 6233 2c0a54 12 API calls 6232->6233 6232->6246 6234 2c034a 6233->6234 6235 2c09aa 12 API calls 6234->6235 6234->6246 6236 2c036e 6235->6236 6237 2c09aa 12 API calls 6236->6237 6236->6246 6238 2c039c 6237->6238 6239 2c06e9 12 API calls 6238->6239 6238->6246 6240 2c03c6 6239->6240 6241 2c0a84 12 API calls 6240->6241 6240->6246 6242 2c03ea 6241->6242 6243 2c09aa 12 API calls 6242->6243 6242->6246 
6244 2c040a 6243->6244 6245 2c06e9 12 API calls 6244->6245 6244->6246 6245->6246 6246->6187 6248 2bca94 __EH_prolog3_GS 6247->6248 6249 2ba7ef memcpy 6248->6249 6250 2bcaa5 6249->6250 6251 2bcaeb 6250->6251 6252 2bcab6 6250->6252 6253 2bcaf8 6251->6253 6256 2bea9a 13 API calls 6251->6256 6255 2bcad1 6252->6255 6348 2bea9a 6252->6348 6254 2bcae6 6253->6254 6257 2bee7b memmove 6253->6257 6259 2b9cf3 2 API calls 6254->6259 6255->6254 6367 2bee7b 6255->6367 6256->6253 6257->6254 6261 2bcb17 6259->6261 6262 2cd100 4 API calls 6261->6262 6263 2bcb1c 6262->6263 6263->6129 6265 2c087c __EH_prolog3_GS 6264->6265 6266 2bf15e 9 API calls 6265->6266 6269 2c08a5 6266->6269 6267 2c0983 VariantClear 6268 2bf72b 4 API calls 6267->6268 6270 2c099b 6268->6270 6269->6267 6273 2c08ff memset 6269->6273 6274 2c0977 SysFreeString 6269->6274 6271 2cd100 4 API calls 6270->6271 6272 2c0030 6271->6272 6272->6188 6272->6191 6272->6246 6275 2c091f 6273->6275 6274->6267 6275->6275 6276 2c092a WideCharToMultiByte 6275->6276 6277 2ba144 2 API calls 6276->6277 6278 2c0961 6277->6278 6279 2bea01 3 API calls 6278->6279 6280 2c0969 6279->6280 6281 2ba1b9 2 API calls 6280->6281 6281->6274 6283 2c06e9 12 API calls 6282->6283 6284 2c0081 6283->6284 6284->6246 6285 2c09aa 6284->6285 6286 2c09b6 __EH_prolog3_GS 6285->6286 6287 2bf15e 9 API calls 6286->6287 6292 2c09cf 6287->6292 6288 2c0a33 VariantClear 6289 2bf72b 4 API calls 6288->6289 6290 2c0a45 6289->6290 6291 2cd100 4 API calls 6290->6291 6293 2c00a5 6291->6293 6292->6288 6294 2c0a18 _wtoi64 6292->6294 6295 2c0a2a SysFreeString 6292->6295 6293->6201 6293->6246 6294->6295 6295->6288 6297 2bfe89 __EH_prolog3_GS 6296->6297 6298 2bf15e 9 API calls 6297->6298 6304 2bfeaa 6298->6304 6299 2bffdc VariantClear 6300 2bf72b 4 API calls 6299->6300 6301 2bffee 6300->6301 6302 2cd100 4 API calls 6301->6302 6303 2bfff5 6302->6303 6303->6227 6303->6246 6304->6299 6305 2bffd4 6304->6305 6306 2c086d 18 API calls 6304->6306 6307 2bf72b 4 API calls 6305->6307 6310 
2bff4b 6306->6310 6307->6299 6308 2bff92 6309 2ba1b9 2 API calls 6308->6309 6309->6305 6310->6308 6318 2bc383 6310->6318 6312 2bff70 6312->6308 6313 2bc383 memcmp 6312->6313 6314 2bff8e 6313->6314 6314->6308 6315 2bc383 memcmp 6314->6315 6316 2bffb2 6315->6316 6316->6308 6322 2bfd31 6316->6322 6319 2bc391 6318->6319 6320 2bc3bb 6319->6320 6321 2bc3aa memcmp 6319->6321 6320->6312 6321->6320 6323 2bfd3d __EH_prolog3_GS 6322->6323 6324 2bf15e 9 API calls 6323->6324 6325 2bfd5e 6324->6325 6326 2bfe5c VariantClear 6325->6326 6331 2bfe54 6325->6331 6333 2c09aa 12 API calls 6325->6333 6327 2bf72b 4 API calls 6326->6327 6328 2bfe6e 6327->6328 6329 2cd100 4 API calls 6328->6329 6330 2bfe75 6329->6330 6330->6308 6332 2bf72b 4 API calls 6331->6332 6332->6326 6334 2bfdea 6333->6334 6334->6331 6335 2c086d 18 API calls 6334->6335 6336 2bfe2a 6335->6336 6337 2bfe49 6336->6337 6339 2bc26e memcpy 6336->6339 6338 2ba1b9 2 API calls 6337->6338 6338->6331 6340 2bfe42 6339->6340 6342 2bc9c7 6340->6342 6343 2bc9d3 6342->6343 6344 2bc9ee 6343->6344 6345 2ba205 memcpy 6343->6345 6346 2ba1b9 2 API calls 6344->6346 6345->6344 6347 2bc9fa 6346->6347 6347->6337 6349 2beafa 6348->6349 6350 2beab8 6348->6350 6349->6255 6351 2beb00 6350->6351 6354 2beacd 6350->6354 6352 2bc465 2 API calls 6351->6352 6353 2beb05 6352->6353 6356 2bebc2 6353->6356 6357 2cca2b 2 API calls 6353->6357 6364 2beb46 6353->6364 6372 2bec03 6354->6372 6358 2ccbe6 std::tr1::_Xmem 2 API calls 6356->6358 6360 2beb3c 6357->6360 6361 2bebc7 6358->6361 6359 2beba6 6359->6255 6360->6356 6360->6364 6362 2beb9d ??3@YAXPAX 6362->6359 6363 2ba107 ??3@YAXPAX 6363->6364 6364->6359 6364->6362 6364->6363 6365 2ba17a 3 API calls 6364->6365 6366 2beb94 6364->6366 6365->6364 6366->6362 6368 2bc244 memmove 6367->6368 6369 2bee8d 6368->6369 6370 2bc244 memmove 6369->6370 6371 2bef9b 6370->6371 6371->6254 6373 2bc4f6 4 API calls 6372->6373 6374 2bec1b 6373->6374 6381 2beda9 6374->6381 6376 2bec70 6376->6349 6377 2bec30 6377->6376 6378 2bec67 
??3@YAXPAX 6377->6378 6379 2b9cf3 2 API calls 6377->6379 6380 2bec61 6377->6380 6378->6376 6379->6377 6380->6378 6382 2bedb8 6381->6382 6383 2bedd6 6382->6383 6384 2bee7b memmove 6382->6384 6383->6377 6384->6382 6385 2b9ae0 6386 2b9afc 6385->6386 6387 2b9af4 ??3@YAXPAX 6385->6387 6387->6386 6388 2b9d60 6391 2cd7cd __iob_func 6388->6391 6390 2b9d72 vfprintf 6391->6390 4888 2c1f60 4890 2c1f6f __EH_prolog3_GS 4888->4890 4889 2c1ff8 srand 4891 2c2013 4889->4891 4896 2c2094 4889->4896 4890->4889 5126 2baa3b 4890->5126 5026 2c1370 4891->5026 4894 2c1fd8 4894->4889 5004 2c20b5 __aulldiv 4896->5004 5030 2c1175 GetCurrentProcess OpenProcessToken 4896->5030 4897 2c207d 5129 2c1330 4897->5129 4900 2c253e 4901 2c1370 4 API calls 4900->4901 4903 2c255b 4901->4903 4902 2ba786 memcpy 4902->5004 5058 2c47a3 4903->5058 4905 2c208d 4908 2c2da3 4905->4908 4910 2c2d8c VirtualFree 4905->4910 4907 2c2756 4912 2c1330 4 API calls 4907->4912 4914 2c2da8 FindCloseChangeNotification 4908->4914 4915 2c2db8 4908->4915 4910->4905 4917 2c2731 4912->4917 4913 2c212c atoi sprintf_s 4913->5004 4914->4908 4919 2c2dc9 4915->4919 4920 2c2dc2 CloseHandle 4915->4920 4923 2ba1b9 2 API calls 4917->4923 4918 2c215d isalpha 4918->5004 5237 2c2df7 4919->5237 4920->4919 4922 2c2685 4925 2c2af0 4922->4925 4927 2c26a8 4922->4927 4923->4905 4924 2c2172 sprintf_s 4924->5004 4928 2c2b3b 4925->4928 4932 2c2b0d CreateIoCompletionPort 4925->4932 4931 2c1681 5 API calls 4927->4931 5077 2c46bf 4928->5077 4934 2c26b8 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 4931->4934 4932->4925 4935 2c2b42 GetLastError 4932->4935 4941 2c1370 4 API calls 4934->4941 4935->4928 4938 2c2b6b 5081 2c463a 4938->5081 4939 2ba1b9 2 API calls 4949 2c259d 4939->4949 4943 2c26f4 SetFilePointerEx 4941->4943 4947 2c2834 4943->4947 4948 2c2715 GetLastError 4943->4948 4944 2cc74e 11 API calls 4944->4949 4945 2c47a3 13 API calls 4991 2c2b87 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 4945->4991 4946 2c2232 CreateFileA 4951 2c27f1 GetLastError 
4946->4951 4946->5004 4950 2c1370 4 API calls 4947->4950 4952 2c2726 4948->4952 4949->4922 4949->4939 4949->4944 5170 2ba786 4949->5170 5173 2bea01 4949->5173 4954 2c284b WaitForSingleObject 4950->4954 4958 2c280a 4951->4958 4959 2c1330 4 API calls 4952->4959 4953 2c2cfc 4956 2c1370 4 API calls 4953->4956 4961 2c2861 GetLastError 4954->4961 4962 2c2872 4954->4962 4963 2c2d13 WaitForSingleObject 4956->4963 4964 2c1330 4 API calls 4958->4964 4959->4917 4961->4962 4965 2c1370 4 API calls 4962->4965 4963->4961 4966 2c2d2d 4963->4966 4964->4917 4968 2c2889 4965->4968 4970 2c1370 4 API calls 4966->4970 4967 2c4c97 8 API calls 4967->4991 4968->4905 4972 2c28af 4968->4972 4969 2c22da SetFileInformationByHandle 4973 2c2738 GetLastError 4969->4973 4969->5004 4974 2c2d44 4970->4974 4971 2c4fac 8 API calls 4971->5004 5179 2c80d1 GetTickCount64 4972->5179 4973->4958 4974->4905 4979 2c2d68 4974->4979 4980 2c2d5b 4974->4980 4977 2c2330 GetFileSize 4982 2c234b GetLastError 4977->4982 4977->5004 5222 2c1da7 4979->5222 5094 2c1733 4980->5094 4982->4907 4982->5004 4984 2c2258 4984->4952 4984->5004 5133 2c1250 CreateEventA 4984->5133 5142 2c1085 CreateEventA 4984->5142 5156 2c0fb0 CreateEventA 4984->5156 4986 2c1490 5 API calls 4986->4991 4987 2c2aa6 4987->4905 4988 2c1330 4 API calls 4988->5004 4989 2c4738 12 API calls 4989->5004 4991->4953 4991->4967 4991->4986 4996 2c1370 4 API calls 4991->4996 5087 2c1681 4991->5087 4995 2c28f8 Sleep 5005 2c28ce __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 4995->5005 4996->4991 4997 2c293f ReadFile 4997->5005 4998 2c27a2 5000 2ba786 memcpy 4998->5000 5003 2c27b0 5000->5003 5008 2c1330 4 API calls 5003->5008 5004->4900 5004->4902 5004->4905 5004->4907 5004->4913 5004->4918 5004->4924 5004->4946 5004->4969 5004->4971 5004->4977 5004->4984 5004->4988 5004->4989 5004->4998 5015 2c1370 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 5004->5015 5020 2c2769 5004->5020 5021 2ba1b9 memcpy ??3@YAXPAX 5004->5021 5045 
2c1640 5004->5045 5049 2bbfd5 5004->5049 5005->4905 5005->4987 5005->4995 5005->4997 5007 2c1330 4 API calls 5005->5007 5016 2c1370 4 API calls 5005->5016 5019 2c2aab GetLastError 5005->5019 5181 2c813d 5005->5181 5189 2ba975 QueryPerformanceCounter 5005->5189 5190 2c170c rand 5005->5190 5191 2bc075 5005->5191 5194 2c81c5 5005->5194 5198 2c0d77 5005->5198 5212 2c12f0 5005->5212 5216 2c1490 5005->5216 5006 2c1330 4 API calls 5006->4987 5007->5005 5011 2c2797 5008->5011 5014 2ba1b9 2 API calls 5011->5014 5014->4917 5015->5004 5018 2c2a7c SetFilePointerEx 5016->5018 5018->5005 5018->5019 5019->5006 5022 2ba786 memcpy 5020->5022 5021->5004 5023 2c2777 GetLastError 5022->5023 5025 2c1330 4 API calls 5023->5025 5025->5011 5027 2c138b 5026->5027 5028 2ccfa0 4 API calls 5027->5028 5029 2c13ad GetCurrentThread SetThreadGroupAffinity 5028->5029 5029->4896 5029->4897 5031 2c11ac GetLastError 5030->5031 5032 2c11c3 LookupPrivilegeValueA 5030->5032 5033 2c1330 4 API calls 5031->5033 5034 2c11ee AdjustTokenPrivileges 5032->5034 5035 2c11de GetLastError 5032->5035 5040 2c11be 5033->5040 5036 2c120d GetLastError 5034->5036 5037 2c1205 GetLastError 5034->5037 5039 2c1217 5035->5039 5036->5039 5036->5040 5037->5039 5038 2c1330 4 API calls 5038->5040 5039->5038 5041 2c122f FindCloseChangeNotification 5040->5041 5042 2c1238 5040->5042 5041->5042 5043 2ccfa0 4 API calls 5042->5043 5044 2c1247 5043->5044 5044->5004 5046 2c1657 5045->5046 5048 2c1660 5045->5048 5047 2c1490 5 API calls 5046->5047 5047->5048 5048->5004 5050 2bc010 5049->5050 5051 2bbff6 GetLargePageMinimum 5049->5051 5052 2bc018 VirtualAlloc 5050->5052 5051->5052 5053 2bc030 5052->5053 5054 2bc062 5052->5054 5055 2bc047 5053->5055 5056 2bc03a memset 5053->5056 5054->5004 5256 2bc0e3 5055->5256 5056->5055 5059 2c47e8 5058->5059 5060 2c47c0 5058->5060 5063 2c257d 5059->5063 5291 2c50f1 5059->5291 5061 2c47d0 memmove 5060->5061 5060->5063 5061->5063 5064 2c4b56 5063->5064 5065 2c4b64 5064->5065 5066 2c2588 5065->5066 5350 
2c77cb 5065->5350 5068 2c4b83 5066->5068 5069 2c4b8f __EH_prolog3_catch 5068->5069 5070 2c4bc9 5069->5070 5071 2c4baa 5069->5071 5076 2c4bc1 5070->5076 5382 2c546e 5070->5382 5373 2c54c5 5071->5373 5076->4949 5078 2c46f4 5077->5078 5079 2c46de 5077->5079 5078->5079 5515 2c5010 5078->5515 5079->4938 5082 2c467f 5081->5082 5083 2c4657 5081->5083 5084 2c2b79 5082->5084 5533 2c4fac 5082->5533 5083->5084 5085 2c4667 memmove 5083->5085 5084->4945 5085->5084 5088 2c16bc 5087->5088 5089 2c16b6 5087->5089 5091 2c1490 5 API calls 5088->5091 5089->5088 5090 2c16c9 5089->5090 5092 2c1640 5 API calls 5090->5092 5093 2c16c5 5091->5093 5092->5093 5093->4991 5095 2c173f 5094->5095 5541 2c4dd7 5095->5541 5097 2c1794 5098 2c17d5 5097->5098 5117 2c17f7 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 5097->5117 5102 2c80d1 GetTickCount64 5098->5102 5099 2c1b0e ??3@YAXPAX 5100 2c1b16 5099->5100 5100->4905 5101 2c813d 2 API calls 5101->5117 5102->5097 5103 2c19b9 GetQueuedCompletionStatus 5104 2c1aea GetLastError 5103->5104 5103->5117 5105 2c1b47 5104->5105 5104->5117 5108 2c1330 4 API calls 5105->5108 5106 2c19b2 Sleep 5106->5103 5107 2c1330 4 API calls 5107->5117 5109 2c1b04 5108->5109 5109->5099 5109->5100 5110 2c0d77 16 API calls 5110->5117 5113 2c1490 5 API calls 5113->5117 5114 2c18ff ReadFile 5114->5117 5115 2c1932 5118 2bc075 rand 5115->5118 5123 2c81c5 GetTickCount64 5115->5123 5116 2c12f0 4 API calls 5116->5117 5117->5101 5117->5103 5117->5106 5117->5107 5117->5109 5117->5110 5117->5113 5117->5114 5117->5115 5117->5116 5120 2c1960 GetLastError 5117->5120 5121 2c1370 4 API calls 5117->5121 5545 2c170c rand 5117->5545 5546 2ba975 QueryPerformanceCounter 5117->5546 5119 2c1950 WriteFile 5118->5119 5119->5117 5120->5117 5122 2c1b1e GetLastError 5120->5122 5121->5117 5125 2c1330 4 API calls 5122->5125 5123->5117 5125->5109 5127 2baa98 _ftol2 5126->5127 5127->4894 5130 2c134b 5129->5130 5131 2ccfa0 4 API calls 5130->5131 5132 2c1367 5131->5132 5132->4905 5134 2c1288 DeviceIoControl 
5133->5134 5135 2c1280 GetLastError 5133->5135 5137 2c12a1 GetLastError 5134->5137 5138 2c12d0 5134->5138 5136 2c12e2 5135->5136 5136->4984 5137->5138 5139 2c12b1 GetOverlappedResult 5137->5139 5138->5136 5140 2c12d9 CloseHandle 5138->5140 5139->5138 5141 2c12c6 GetLastError 5139->5141 5140->5136 5141->5138 5143 2c10b8 GetLastError 5142->5143 5144 2c10d4 DeviceIoControl 5142->5144 5147 2c1330 4 API calls 5143->5147 5145 2c10f9 GetLastError 5144->5145 5146 2c1135 CloseHandle 5144->5146 5148 2c1128 5145->5148 5149 2c1106 WaitForSingleObject 5145->5149 5150 2c10c9 5146->5150 5147->5150 5152 2c1330 4 API calls 5148->5152 5151 2c1115 GetLastError 5149->5151 5155 2c1123 5149->5155 5153 2ccfa0 4 API calls 5150->5153 5151->5148 5152->5155 5154 2c116c 5153->5154 5154->5004 5155->5146 5157 2c0ffc DeviceIoControl 5156->5157 5158 2c0fe3 GetLastError 5156->5158 5160 2c105d CloseHandle 5157->5160 5161 2c1021 GetLastError 5157->5161 5159 2c1330 4 API calls 5158->5159 5162 2c0ff4 5159->5162 5160->5162 5163 2c102e WaitForSingleObject 5161->5163 5164 2c1050 5161->5164 5168 2ccfa0 4 API calls 5162->5168 5165 2c103d GetLastError 5163->5165 5166 2c104b 5163->5166 5167 2c1330 4 API calls 5164->5167 5165->5164 5166->5160 5167->5166 5169 2c107c 5168->5169 5169->4984 5592 2bc26e 5170->5592 5174 2bea0e 5173->5174 5175 2bea21 5173->5175 5176 2ba1b9 2 API calls 5174->5176 5175->4949 5177 2bea17 5176->5177 5178 2bc3d7 memmove 5177->5178 5178->5175 5180 2c8112 5179->5180 5180->5005 5182 2c8148 GetTickCount64 5181->5182 5183 2c8171 5181->5183 5185 2c8155 5182->5185 5184 2c8177 5183->5184 5183->5185 5184->5005 5185->5184 5186 2c8180 GetTickCount64 5185->5186 5187 2c815c 5185->5187 5188 2c81a0 5186->5188 5187->5005 5188->5005 5189->5005 5190->5005 5192 2bc0a7 rand 5191->5192 5193 2bc097 WriteFile 5191->5193 5192->5193 5193->5005 5195 2c81fe 5194->5195 5196 2c81e3 5194->5196 5195->5005 5196->5195 5197 2c81e8 GetTickCount64 5196->5197 5197->5195 5199 2c0d8d 5198->5199 5201 2c0e55 5199->5201 5600 
2ba975 QueryPerformanceCounter 5199->5600 5201->5005 5202 2c0d9c 5203 2c0e13 5202->5203 5206 2c0e1a 5202->5206 5207 2c0e02 5202->5207 5203->5201 5204 2c0e4a 5203->5204 5205 2c0e57 5203->5205 5609 2cc7d3 5204->5609 5209 2cc7d3 11 API calls 5205->5209 5211 2c556e 10 API calls 5206->5211 5601 2c556e 5207->5601 5209->5201 5211->5203 5213 2c130b 5212->5213 5214 2ccfa0 4 API calls 5213->5214 5215 2c1327 5214->5215 5215->5005 5217 2c14bb 5216->5217 5219 2c14f4 __aullrem 5217->5219 5664 2c13b6 rand rand rand rand rand 5217->5664 5220 2c1640 5 API calls 5219->5220 5221 2c15cc __aulldiv __aullrem 5219->5221 5220->5221 5221->5005 5223 2c1f0e 5222->5223 5230 2c1ddf 5222->5230 5224 2c1f17 WaitForSingleObjectEx 5223->5224 5225 2c1f3c 5223->5225 5229 2c1f09 5223->5229 5224->5223 5226 2c1330 4 API calls 5225->5226 5226->5229 5229->4905 5230->5223 5231 2c1e3b ReadFileEx 5230->5231 5232 2bc075 rand 5230->5232 5234 2c1edf GetLastError 5230->5234 5665 2ba975 QueryPerformanceCounter 5230->5665 5666 2c170c rand 5230->5666 5231->5230 5233 2c1e8b WriteFileEx 5232->5233 5233->5230 5236 2c1330 4 API calls 5234->5236 5236->5229 5238 2ba107 ??3@YAXPAX 5237->5238 5239 2c2e05 5238->5239 5240 2ba107 ??3@YAXPAX 5239->5240 5241 2c2e0d 5240->5241 5242 2c2e14 ??3@YAXPAX 5241->5242 5243 2c2e27 5241->5243 5242->5243 5244 2ba107 ??3@YAXPAX 5243->5244 5245 2c2e2f 5244->5245 5246 2ba107 ??3@YAXPAX 5245->5246 5247 2c2e37 5246->5247 5248 2c2e3c ??3@YAXPAX 5247->5248 5249 2c2e4f 5247->5249 5248->5249 5250 2c2e54 ??3@YAXPAX 5249->5250 5251 2c2e67 5249->5251 5250->5251 5252 2ba107 ??3@YAXPAX 5251->5252 5253 2c2e6f 5252->5253 5254 2ba107 ??3@YAXPAX 5253->5254 5255 2c2e77 5254->5255 5257 2bc118 5256->5257 5258 2bc0f6 5256->5258 5260 2bc29b 11 API calls 5257->5260 5262 2bc10a 5257->5262 5258->5257 5259 2bc0fa 5258->5259 5259->5262 5263 2bc29b 5259->5263 5260->5262 5262->5054 5264 2bc2ae 5263->5264 5265 2bc2e5 5263->5265 5266 2bc2e9 5264->5266 5269 2bc2c2 5264->5269 5265->5262 5284 2bc465 5266->5284 5274 2bc475 
5269->5274 5275 2bc489 5274->5275 5276 2bc4a3 memmove 5274->5276 5279 2bc4eb 5275->5279 5281 2cca2b 2 API calls 5275->5281 5277 2bc4c8 ??3@YAXPAX 5276->5277 5278 2bc4d1 5276->5278 5277->5278 5278->5265 5280 2ccbe6 std::tr1::_Xmem 2 API calls 5279->5280 5282 2bc4f0 5280->5282 5283 2bc49c 5281->5283 5283->5276 5283->5279 5287 2ccc0a 5284->5287 5290 2ccae8 ??0exception@@QAE@ABQBD 5287->5290 5289 2ccc1d _CxxThrowException 5290->5289 5292 2c510c 5291->5292 5293 2c5144 5291->5293 5294 2c514a 5292->5294 5297 2c511f 5292->5297 5293->5063 5295 2bc465 2 API calls 5294->5295 5296 2c514f 5295->5296 5299 2c5178 5296->5299 5300 2c51c0 5296->5300 5305 2c517e 5296->5305 5311 2c5a5c 5297->5311 5316 2c5ff0 5299->5316 5301 2bc465 2 API calls 5300->5301 5303 2c51c5 5301->5303 5304 2c5227 5303->5304 5306 2c522d 5303->5306 5309 2c51fc 5303->5309 5304->5063 5305->5063 5307 2bc465 2 API calls 5306->5307 5308 2c5232 5307->5308 5323 2c5ab8 5309->5323 5312 2c5ff0 4 API calls 5311->5312 5313 2c5a6e memmove 5312->5313 5314 2c5a9b 5313->5314 5315 2c5a92 ??3@YAXPAX 5313->5315 5314->5293 5315->5314 5317 2c5ffe 5316->5317 5318 2c6015 5316->5318 5320 2cca2b 2 API calls 5317->5320 5322 2c600e 5317->5322 5318->5305 5319 2ccbe6 std::tr1::_Xmem 2 API calls 5321 2c6020 5319->5321 5320->5322 5322->5318 5322->5319 5332 2bc42f 5323->5332 5327 2c5b29 5327->5304 5328 2c5b20 ??3@YAXPAX 5328->5327 5329 2c5ae5 5329->5327 5329->5328 5330 2ba1b9 2 API calls 5329->5330 5331 2c5b1a 5329->5331 5330->5329 5331->5328 5333 2bc454 5332->5333 5335 2bc43d 5332->5335 5339 2c757e 5333->5339 5334 2bc44d 5334->5333 5337 2ccbe6 std::tr1::_Xmem 2 API calls 5334->5337 5335->5334 5336 2cca2b 2 API calls 5335->5336 5336->5334 5338 2bc45f 5337->5338 5341 2c758d 5339->5341 5340 2c75a5 5340->5329 5341->5340 5343 2bc244 5341->5343 5346 2bc3d7 5343->5346 5347 2bc3e9 5346->5347 5349 2bc262 5346->5349 5348 2bc3f1 memmove 5347->5348 5347->5349 5348->5349 5349->5341 5361 2ba107 5350->5361 5353 2ba107 ??3@YAXPAX 5354 2c77e6 5353->5354 5364 
2c4c1f 5354->5364 5356 2c77ee 5357 2c4c1f 3 API calls 5356->5357 5358 2c77f6 5357->5358 5359 2ba1b9 2 API calls 5358->5359 5360 2c7801 5359->5360 5360->5065 5362 2ba111 ??3@YAXPAX 5361->5362 5363 2ba124 5361->5363 5362->5363 5363->5353 5365 2ba107 ??3@YAXPAX 5364->5365 5366 2c4c2c 5365->5366 5369 2c6130 5366->5369 5370 2c6148 5369->5370 5372 2c4c33 ??3@YAXPAX 5369->5372 5371 2c6149 ??3@YAXPAX 5370->5371 5371->5371 5371->5372 5372->5356 5374 2c54dd 5373->5374 5379 2c54ec 5373->5379 5375 2c54e2 5374->5375 5374->5379 5376 2c4b56 5 API calls 5375->5376 5378 2c54e7 5376->5378 5377 2c5511 5377->5378 5381 2c77cb 5 API calls 5377->5381 5378->5076 5379->5377 5379->5378 5394 2c6bd6 5379->5394 5381->5377 5383 2c548f 5382->5383 5384 2c4bd7 5382->5384 5385 2c54ba 5383->5385 5386 2c54a1 5383->5386 5390 2c682d 5384->5390 5387 2bc465 2 API calls 5385->5387 5451 2c5d1c 5386->5451 5388 2c54bf 5387->5388 5391 2c6839 __EH_prolog3_catch 5390->5391 5392 2c688d 5391->5392 5503 2c0cc2 5391->5503 5392->5076 5395 2bea01 3 API calls 5394->5395 5396 2c6be8 5395->5396 5405 2c6d4e 5396->5405 5399 2c6d4e 9 API calls 5400 2c6c54 5399->5400 5411 2c6d8d 5400->5411 5403 2c6d8d ??3@YAXPAX 5404 2c6c78 5403->5404 5404->5379 5406 2c6d68 5405->5406 5407 2c6c48 5405->5407 5408 2c6130 ??3@YAXPAX 5406->5408 5407->5399 5409 2c6d77 5408->5409 5415 2c6161 5409->5415 5412 2c6db4 5411->5412 5413 2c6c66 5411->5413 5414 2ba107 ??3@YAXPAX 5412->5414 5413->5403 5414->5413 5416 2c6190 5415->5416 5417 2c6180 5415->5417 5430 2c6353 5416->5430 5418 2c6188 5417->5418 5419 2c61b6 5417->5419 5425 2becf1 5418->5425 5421 2bc465 2 API calls 5419->5421 5424 2c61bb 5421->5424 5434 2bebcd 5425->5434 5427 2bed04 5428 2bed2c 5427->5428 5429 2bed23 ??3@YAXPAX 5427->5429 5428->5416 5429->5428 5431 2c6373 5430->5431 5441 2c643c 5431->5441 5433 2c61a1 5433->5407 5435 2bebdb 5434->5435 5436 2bebf2 5434->5436 5437 2bebeb 5435->5437 5439 2cca2b 2 API calls 5435->5439 5436->5427 5437->5436 5438 2ccbe6 std::tr1::_Xmem 2 API calls 
5437->5438 5440 2bebfd 5438->5440 5439->5437 5442 2c6462 5441->5442 5448 2c6503 5441->5448 5443 2c648b 5442->5443 5444 2c65f1 5442->5444 5442->5448 5447 2bebcd 4 API calls 5443->5447 5445 2bc465 2 API calls 5444->5445 5446 2c65f6 5445->5446 5449 2c649f 5447->5449 5448->5433 5449->5448 5450 2c64fa ??3@YAXPAX 5449->5450 5450->5448 5452 2c5d28 __EH_prolog3_catch 5451->5452 5460 2c60f7 5452->5460 5456 2c5d85 5456->5384 5457 2c5d7c ??3@YAXPAX 5457->5456 5458 2c77cb 5 API calls 5459 2c5d4b 5458->5459 5459->5456 5459->5457 5459->5458 5461 2c5d32 5460->5461 5462 2c6105 5460->5462 5467 2c75e3 5461->5467 5464 2cca2b 2 API calls 5462->5464 5466 2c6118 5462->5466 5463 2ccbe6 std::tr1::_Xmem 2 API calls 5465 2c612a 5463->5465 5464->5466 5466->5461 5466->5463 5468 2c75ef __EH_prolog3_catch 5467->5468 5469 2c7650 5468->5469 5471 2c797e 5468->5471 5469->5459 5472 2c798a 5471->5472 5473 2bc244 memmove 5472->5473 5474 2c7998 5473->5474 5479 2c7b35 5474->5479 5476 2c79fc 5477 2c7b35 10 API calls 5476->5477 5478 2c7a0c 5477->5478 5478->5468 5480 2c7b41 5479->5480 5487 2c65fc 5480->5487 5482 2c7b64 5483 2c6130 ??3@YAXPAX 5482->5483 5484 2c7b8c 5483->5484 5485 2c6161 8 API calls 5484->5485 5486 2c7b95 5485->5486 5486->5476 5488 2cca2b 2 API calls 5487->5488 5489 2c6608 5488->5489 5490 2ccbe6 std::tr1::_Xmem 2 API calls 5489->5490 5492 2c660d 5489->5492 5491 2c6631 5490->5491 5497 2c6e2c 5491->5497 5492->5482 5495 2bc244 memmove 5496 2c665e 5495->5496 5496->5482 5498 2cca2b 2 API calls 5497->5498 5499 2c6e38 5498->5499 5500 2c6643 5499->5500 5501 2ccbe6 std::tr1::_Xmem 2 API calls 5499->5501 5500->5495 5500->5496 5502 2c6e62 5501->5502 5504 2c0cce 5503->5504 5509 2c4c43 5504->5509 5506 2c0d16 5507 2c4c43 9 API calls 5506->5507 5508 2c0d22 5507->5508 5508->5391 5510 2c4c4f 5509->5510 5511 2c65fc 5 API calls 5510->5511 5512 2c4c6a 5511->5512 5513 2c6161 8 API calls 5512->5513 5514 2c4c8a 5513->5514 5514->5506 5516 2c5076 5515->5516 5517 2c5031 5515->5517 5516->5079 5518 2c507d 5517->5518 
5519 2c5046 5517->5519 5520 2bc465 2 API calls 5518->5520 5523 2c59db 5519->5523 5521 2c5082 5520->5521 5524 2c59ef 5523->5524 5525 2c5a07 5523->5525 5526 2c5a51 5524->5526 5528 2cca2b 2 API calls 5524->5528 5531 2c5a2a ??3@YAXPAX 5525->5531 5532 2c5a36 5525->5532 5527 2ccbe6 std::tr1::_Xmem 2 API calls 5526->5527 5529 2c5a56 5527->5529 5530 2c5a00 5528->5530 5530->5525 5530->5526 5531->5532 5532->5516 5534 2c4fff 5533->5534 5535 2c4fc7 5533->5535 5534->5084 5536 2c5005 5535->5536 5537 2c4fda 5535->5537 5538 2bc465 2 API calls 5536->5538 5540 2bc475 6 API calls 5537->5540 5539 2c500a 5538->5539 5540->5534 5542 2c4e0c 5541->5542 5544 2c4df6 5541->5544 5542->5544 5547 2c5735 5542->5547 5544->5097 5545->5117 5546->5117 5548 2c579b 5547->5548 5549 2c5756 5547->5549 5548->5544 5550 2c576b 5549->5550 5551 2c57a2 5549->5551 5555 2c5efa 5550->5555 5552 2bc465 2 API calls 5551->5552 5553 2c57a7 5552->5553 5556 2c5f0e 5555->5556 5557 2c5f26 5555->5557 5558 2c5f70 5556->5558 5559 2cca2b 2 API calls 5556->5559 5563 2c5f49 ??3@YAXPAX 5557->5563 5564 2c5f55 5557->5564 5560 2ccbe6 std::tr1::_Xmem 2 API calls 5558->5560 5562 2c5f1f 5559->5562 5561 2c5f75 5560->5561 5570 2c566f 5561->5570 5562->5557 5562->5558 5563->5564 5564->5548 5566 2c5fc9 5566->5548 5567 2c5f8f 5567->5566 5577 2c5927 5567->5577 5571 2c5697 5570->5571 5573 2c567d 5570->5573 5571->5567 5572 2c5690 5572->5571 5575 2ccbe6 std::tr1::_Xmem 2 API calls 5572->5575 5573->5572 5574 2cca2b 2 API calls 5573->5574 5574->5572 5576 2c56a2 5575->5576 5578 2c595b ??3@YAXPAX 5577->5578 5580 2c5935 5577->5580 5578->5566 5579 2ba107 ??3@YAXPAX 5579->5580 5580->5578 5580->5579 5582 2c52fd 5580->5582 5583 2c5309 5582->5583 5584 2c5331 5582->5584 5585 2c531d ??3@YAXPAX 5583->5585 5587 2c542f 5583->5587 5584->5580 5585->5584 5588 2c543b 5587->5588 5589 2c5466 5587->5589 5590 2c5452 ??3@YAXPAX 5588->5590 5591 2c77cb 5 API calls 5588->5591 5589->5583 5590->5589 5591->5588 5595 2ba205 5592->5595 5594 2ba799 5594->4949 5596 2ba291 
5595->5596 5597 2ba21c 5595->5597 5598 2ba22a 5597->5598 5599 2ba265 memcpy 5597->5599 5598->5594 5599->5598 5600->5202 5604 2c5583 5601->5604 5602 2c560e 5602->5203 5604->5602 5616 2c7762 5604->5616 5610 2cc82f 5609->5610 5612 2cc7e7 __aulldiv 5609->5612 5646 2c829a ??0exception@@QAE@ABQBD 5610->5646 5614 2cc812 5612->5614 5640 2cc9b9 5612->5640 5613 2cc83c _CxxThrowException 5614->5201 5617 2c65fc 5 API calls 5616->5617 5618 2c55e7 5617->5618 5619 2c7118 5618->5619 5620 2c55f2 5619->5620 5621 2c713a 5619->5621 5624 2c693d 5620->5624 5622 2ccc0a 2 API calls 5621->5622 5623 2c7144 5622->5623 5625 2c6949 __EH_prolog3_catch 5624->5625 5628 2c69dc 5625->5628 5629 2c6989 5625->5629 5627 2c69b7 5627->5602 5637 2c7036 5628->5637 5631 2c6ee9 5629->5631 5633 2c6f04 5631->5633 5632 2c6f75 5632->5627 5633->5632 5634 2c6161 8 API calls 5633->5634 5635 2c6f52 5634->5635 5635->5632 5636 2c693d 9 API calls 5635->5636 5636->5635 5638 2c704a ??3@YAXPAX 5637->5638 5639 2c7067 5637->5639 5638->5639 5639->5627 5641 2cc9e8 5640->5641 5642 2cc9d4 5640->5642 5644 2cc9e6 5641->5644 5651 2c5622 5641->5651 5647 2c7706 5642->5647 5644->5614 5646->5613 5648 2c771b 5647->5648 5649 2c7720 5648->5649 5650 2c7729 memmove 5648->5650 5649->5644 5650->5649 5652 2c563c 5651->5652 5653 2c565f 5651->5653 5654 2c564c 5652->5654 5655 2c5664 5652->5655 5653->5644 5659 2c5df7 5654->5659 5656 2bc465 2 API calls 5655->5656 5657 2c5669 5656->5657 5660 2bebcd 4 API calls 5659->5660 5661 2c5e09 memmove 5660->5661 5662 2c5e2d ??3@YAXPAX 5661->5662 5663 2c5e36 5661->5663 5662->5663 5663->5653 5664->5219 5665->5230 5666->5230 6393 2c1b60 6394 2c1b9f 6393->6394 6395 2c1b84 6393->6395 6396 2c1be9 6394->6396 6398 2c1330 4 API calls 6394->6398 6397 2c1330 4 API calls 6395->6397 6399 2c1c04 6396->6399 6401 2c12f0 4 API calls 6396->6401 6418 2c1b97 6397->6418 6398->6396 6400 2c1c49 6399->6400 6402 2c0d77 16 API calls 6399->6402 6403 2c1490 5 API calls 6400->6403 6401->6399 6402->6400 6404 2c1c5e 
APIs
• __EH_prolog3_GS.LIBCMT ref: 002C1F6A
• srand.MSVCRT ref: 002C1FFE
• GetCurrentThread.KERNEL32 ref: 002C2066
• SetThreadGroupAffinity.KERNELBASE(00000000,?,00000000), ref: 002C2073
• atoi.MSVCRT ref: 002C212D
• sprintf_s.MSVCRT ref: 002C2146
• isalpha.MSVCRT ref: 002C2161
• sprintf_s.MSVCRT ref: 002C2188
• CreateFileA.KERNELBASE(?,-C0000001,00000003,00000000,00000003,00000080,00000000,?), ref: 002C223D
• SetFileInformationByHandle.KERNEL32(?,0000000C,?,00000004), ref: 002C22EC
• GetFileSize.KERNEL32(?,?), ref: 002C2338
• GetLastError.KERNEL32 ref: 002C234B
• __aulldiv.LIBCMT ref: 002C24C2
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C26CF
• SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 002C2707
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 002C2715
• GetLastError.KERNEL32 ref: 002C2744
• GetLastError.KERNEL32(?,?,00000001,00000000), ref: 002C2785
• GetLastError.KERNEL32 ref: 002C27FD
• WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 002C2856
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 002C2861
• Sleep.KERNEL32(00000000,?,00000004,?,?,?), ref: 002C28F9
• ReadFile.KERNEL32(00000010,00000001,00000004,?,00000000,?,00000004,?,?,?), ref: 002C2955
• WriteFile.KERNEL32(00000010,00000000,00000000,00000000,00000004,?,00000000,?,00000004,?,?,?), ref: 002C2979
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C2A57
• SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000), ref: 002C2A8F
  • Part of subcall function 002C813D: GetTickCount64.KERNEL32 ref: 002C8148
• GetLastError.KERNEL32 ref: 002C2ACE
• CreateIoCompletionPort.KERNELBASE(00000010,?,00000000,00000001,?,?), ref: 002C2B1D
• GetLastError.KERNEL32 ref: 002C2B42
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C2C72
• WaitForSingleObject.KERNEL32(?,000000FF,00000001,?,?), ref: 002C2D1E
• VirtualFree.KERNELBASE(?,00000000,00008000), ref: 002C2D95
• FindCloseChangeNotification.KERNELBASE(?), ref: 002C2DAA
• CloseHandle.KERNEL32(?), ref: 002C2DC3
• ??3@YAXPAX@Z.MSVCRT ref: 002C2DD1
Strings
• The file is too small. File: '%s' relative thread %u size: %I64u, base offset: %I64u block size: %u, xrefs: 002C27D3
• thread %u started (random seed: %u), xrefs: 002C254C
• thread %u: waiting for a signal to start, xrefs: 002C283C, 002C2D04
• t[%u:%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 002C2C93
• read, xrefs: 002C2AC2
• thread %u: received signal to start, xrefs: 002C287A, 002C2D35
• Error setting file pointer. Error code: %d., xrefs: 002C271C
• thread %u starting: file '%s' relative thread %u file offset: %I64u (starting in block: %I64u), xrefs: 002C24E2
• Waiting for a signal to start failed (error code: %u), xrefs: 002C2868
• Warning - file size is less than MaxFileSize, xrefs: 002C2389
• Error opening file: %s [%u], xrefs: 002C2805
• \\.\PhysicalDrive%u, xrefs: 002C2134
• Warning: thread %u transfered %u bytes instead of %u bytes, xrefs: 002C29A2
• Failed to disable local caching (error %u). NOTE: only supported on remote filesystems with Windows 8 or newer., xrefs: 002C2727
• The file is too small or there has been an error during getting file size, xrefs: 002C2762
• t[%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 002C26E9
• thread %u starting: file '%s' relative thread %u random pattern, xrefs: 002C2474
• Error setting affinity mask in thread %u, xrefs: 002C2083
• unable to create IO completion port (error code: %u), xrefs: 002C2B49
• affinitizing thread %u to Group %u / CPU %u, xrefs: 002C2032
• SeLockMemoryPrivilege, xrefs: 002C20BC
                                                                                                                                                                                                                                              • Error getting file size, xrefs: 002C2756
                                                                                                                                                                                                                                              • t[%u:%u] error during %s error code: %u), xrefs: 002C2ADE
                                                                                                                                                                                                                                              • thread %u: Error setting file pointer, xrefs: 002C2AB1
                                                                                                                                                                                                                                              • FATAL ERROR: invalid filename, xrefs: 002C282A
                                                                                                                                                                                                                                              • \\.\%c:, xrefs: 002C2176
                                                                                                                                                                                                                                              • FATAL ERROR: Could not allocate a buffer bytes for target '%s'. Error code: 0x%x, xrefs: 002C278D
                                                                                                                                                                                                                                              • write, xrefs: 002C2AC9, 002C2AD5
                                                                                                                                                                                                                                              • Error setting IO priority for file: %s [%u], xrefs: 002C274C
                                                                                                                                                                                                                                              • t[%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 002C2A71
                                                                                                                                                                                                                                              • ERROR:, xrefs: 002C20B7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$File$Unothrow_t@std@@@__ehfuncinfo$??2@$CloseCreateHandleObjectPointerSingleThreadWaitsprintf_s$??3@AffinityChangeCompletionCount64CurrentFindFreeGroupH_prolog3_InformationNotificationPortReadSizeSleepTickVirtualWrite__aulldivatoiisalphasrand
                                                                                                                                                                                                                                              • String ID: ERROR:$Error getting file size$Error opening file: %s [%u]$Error setting IO priority for file: %s [%u]$Error setting affinity mask in thread %u$Error setting file pointer. Error code: %d.$FATAL ERROR: Could not allocate a buffer bytes for target '%s'. Error code: 0x%x$FATAL ERROR: invalid filename$Failed to disable local caching (error %u). NOTE: only supported on remote filesystems with Windows 8 or newer.$SeLockMemoryPrivilege$The file is too small or there has been an error during getting file size$The file is too small. File: '%s' relative thread %u size: %I64u, base offset: %I64u block size: %u$Waiting for a signal to start failed (error code: %u)$Warning - file size is less than MaxFileSize$Warning: thread %u transfered %u bytes instead of %u bytes$\\.\%c:$\\.\PhysicalDrive%u$affinitizing thread %u to Group %u / CPU %u$read$t[%u:%u] error during %s error code: %u)$t[%u:%u] initial I/O op at %I64u (starting in block: %I64u)$t[%u] initial I/O op at %I64u (starting in block: %I64u)$t[%u] new I/O op at %I64u (starting in block: %I64u)$thread %u started (random seed: %u)$thread %u starting: file '%s' relative thread %u file offset: %I64u (starting in block: %I64u)$thread %u starting: file '%s' relative thread %u random pattern$thread %u: Error setting file pointer$thread %u: received signal to start$thread %u: waiting for a signal to start$unable to create IO completion port (error code: %u)$write
                                                                                                                                                                                                                                              • API String ID: 2250426-2870866691
                                                                                                                                                                                                                                              • Opcode ID: 992dec6879496c168a01c9d6f4d25975d626a4bb13b5d3a4f54f01eba2f0322c
                                                                                                                                                                                                                                              • Instruction ID: ef1aa1e9fba88d06e05bc8a5acf10c2262a6428d01d47eda5eb20552685de481
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 992dec6879496c168a01c9d6f4d25975d626a4bb13b5d3a4f54f01eba2f0322c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4892AE30920215DFDF24DF64CC85FA9B7B5AF15300F1482DAE849AB252CB75ADA9CF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,000000FF,000000B8,?,?), ref: 002C119B
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 002C11A2
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 002C11AC
                                                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeLockMemoryPrivilege,?), ref: 002C11D4
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 002C11DE
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(000000FF,?,?), ref: 002C1232
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLastProcess$ChangeCloseCurrentFindLookupNotificationOpenPrivilegeTokenValue
                                                                                                                                                                                                                                              • String ID: %s Error adjusting token privileges for %s (error code: %u)$%s Error looking up privilege value %s (error code: %u)$%s Error opening process token (error code: %u)$ERROR:$SeLockMemoryPrivilege
                                                                                                                                                                                                                                              • API String ID: 3977855488-962059016
                                                                                                                                                                                                                                              • Opcode ID: 873f57d103aeff0b0cdbe6479215f2aecfa8cfbb392696bd9932e6c91eb02671
                                                                                                                                                                                                                                              • Instruction ID: 08c7198d2181b0d31473e045436c302a4cc356bcc865501ee68a5891e16568dc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 873f57d103aeff0b0cdbe6479215f2aecfa8cfbb392696bd9932e6c91eb02671
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F21B674921215AFD7205FA1AC0FFBF7B7DEB62352B10421EB915D2091E6704D29CAB2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 560 2c1446-2c1480 NtQuerySystemInformation call 2ccfa0 563 2c1485-2c1488 560->563
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • NtQuerySystemInformation.NTDLL ref: 002C1471
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InformationQuerySystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3562636166-0
                                                                                                                                                                                                                                              • Opcode ID: 212870705ce3251fe7e5642289a4c796968b72406d123bb4ca2dda7c41272805
                                                                                                                                                                                                                                              • Instruction ID: f16816732383817317f6864abfd21a9f55106c6dd60f2e978ffee1b133cce4a6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 212870705ce3251fe7e5642289a4c796968b72406d123bb4ca2dda7c41272805
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7E09B31751118BBD704DF95EC16F9E7B9CEB48310F11801FB81A9B5D0C930AD108B90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000010,00000001,?,00000000,?,?,00000060,002C2D66), ref: 002C1927
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000010,00000000,00000001,00000001,?,00000000,?,?,00000060,002C2D66), ref: 002C1953
                                                                                                                                                                                                                                                • Part of subcall function 002C1490: __aullrem.LIBCMT ref: 002C1502
                                                                                                                                                                                                                                                • Part of subcall function 002C1490: __aullrem.LIBCMT ref: 002C15DE
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C1960
                                                                                                                                                                                                                                              • Sleep.KERNEL32(?,?,?,00000060,002C2D66), ref: 002C19B3
                                                                                                                                                                                                                                              • GetQueuedCompletionStatus.KERNEL32(f-,,?,`f-,,00000010,00000001,?,00000060,002C2D66), ref: 002C19CA
                                                                                                                                                                                                                                                • Part of subcall function 002BA975: QueryPerformanceCounter.KERNEL32(00000000,00000001,00000001,?,002C1E0F,000000B8,00000000,?), ref: 002BA980
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C1AB7
                                                                                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 002C1B0F
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C1B2D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileLast__aullrem$??3@CompletionCounterPerformanceQueryQueuedReadSleepStatusUnothrow_t@std@@@Write__ehfuncinfo$??2@
                                                                                                                                                                                                                                              • String ID: Warning: thread %u transferred %u bytes instead of %u bytes$`f-,$error during overlapped IO operation (error code: %u)$f-,$read$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$t[%u] error during %s error code: %u)$write
                                                                                                                                                                                                                                              • API String ID: 202472602-1026944461
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 002C2EB3
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000), ref: 002C2EEB
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 002C2EFF
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C2F25
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AttributesCreateDirectoryErrorFileLaststrcpy_s
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 354552961-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLargePageMinimum.KERNEL32 ref: 002BBFF6
                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 002BC01B
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 002BC03D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocLargeMinimumPageVirtualmemset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3383278933-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::tr1::_Xmem.LIBCPMT ref: 002BA5B5
                                                                                                                                                                                                                                                • Part of subcall function 002CCA2B: malloc.MSVCRT ref: 002CCA42
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 257571584-2766056989
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3_catchmemcpy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1910038392-0
                                                                                                                                                                                                                                              • Opcode ID: bc4bfe082f284ef552748d6badde380c5a39fde4722b46b11bcd17910fc0c84a
                                                                                                                                                                                                                                              • Instruction ID: ebd344cd2284d58f2d8b6a4f18dca108f5aef82ea10c190b04cf96fcfb5860bd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc4bfe082f284ef552748d6badde380c5a39fde4722b46b11bcd17910fc0c84a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B212B71E302029BDB34DF58C8817EEB7B5AF80350F50062DE5525B2C1CBB0AA558B92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memsetvsprintf_s
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3742729749-0
                                                                                                                                                                                                                                              • Opcode ID: 3c94899f17da8a5780376d4609c3074602415b9fb8ee99c9918022a1806be873
                                                                                                                                                                                                                                              • Instruction ID: f4af4a11f2d9c045efb1eb1fba0a65b5ead612176b1c2b5e7d1c5c7011de127b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c94899f17da8a5780376d4609c3074602415b9fb8ee99c9918022a1806be873
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E01817291014DABCB11EF95DC45EDBB3BCEB48715F1001AAB608D3100DA70EE958FA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 550 2c5df7-2c5e04 call 2bebcd 552 2c5e09-2c5e2b memmove 550->552 553 2c5e2d-2c5e35 ??3@YAXPAX@Z 552->553 554 2c5e36-2c5e4b 552->554 553->554
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ??3@memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1783365933-0
                                                                                                                                                                                                                                              • Opcode ID: 449d6495533c3f4d8d88ba3ae102800c14678b2ef45c420e20e3b87f953a0561
                                                                                                                                                                                                                                              • Instruction ID: dc36e0977db673dd5c94f1940b7c2f9f3e663bdac56eade5f4ab403774fbcb14
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 449d6495533c3f4d8d88ba3ae102800c14678b2ef45c420e20e3b87f953a0561
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2F04F76401605EFC7319F28E888D97FBF9FF85360724862EE99983254D731A960CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 555 2cca2b-2cca30 556 2cca3f-2cca4b malloc 555->556 557 2cca4d-2cca4e 556->557 558 2cca32-2cca3d _callnewh 556->558 558->556 559 2cca4f 558->559 559->559
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _callnewhmalloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2285944120-0
                                                                                                                                                                                                                                              • Opcode ID: 243867b316ba87177f55e18ddd59607380d4bfa36c0107a329b30de40f077171
                                                                                                                                                                                                                                              • Instruction ID: 06cbef9534a5b4385c86c5bf9a2b077e1f680317529743e1200f9443df248c83
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 243867b316ba87177f55e18ddd59607380d4bfa36c0107a329b30de40f077171
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11D0A93103810FE28F20DE19EC2CF2A3B18AA44360738422DF80C85461DF31CC719840
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 564 2bebcd-2bebd9 565 2bebdb-2bebe0 564->565 566 2bebf2-2bebf5 564->566 567 2bebf8-2bebfd call 2ccbe6 565->567 568 2bebe2-2bebe6 call 2cca2b 565->568 571 2bebeb-2bebf0 568->571 571->566 571->567
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::tr1::_Xmem.LIBCPMT ref: 002BEBF8
                                                                                                                                                                                                                                                • Part of subcall function 002CCA2B: malloc.MSVCRT ref: 002CCA42
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 257571584-0
                                                                                                                                                                                                                                              • Opcode ID: f0ad478dba8e2f6475ea0f60988791a944f8e226c44f4ae9953444f3b242845a
                                                                                                                                                                                                                                              • Instruction ID: a20b8bf27e0f6da636cbb50527acbbc91e83caccf5f4a7d3b00bb3385c23496d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0ad478dba8e2f6475ea0f60988791a944f8e226c44f4ae9953444f3b242845a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4D05E7122826B036F2869AD54169EE7288DA847B4365463EB52BC6580DC20DC21819A
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • ERROR: syntax error parsing affinity at highlighted character-%s, xrefs: 002BD769
                                                                                                                                                                                                                                              • ERROR: core %u is out of range, xrefs: 002BD740, 002BD7A9
                                                                                                                                                                                                                                              • ERROR: incomplete affinity specification, xrefs: 002BD7C7
                                                                                                                                                                                                                                              • ERROR: group %u is out of range, xrefs: 002BD70E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                                              • String ID: ERROR: core %u is out of range$ERROR: group %u is out of range$ERROR: incomplete affinity specification$ERROR: syntax error parsing affinity at highlighted character-%s
                                                                                                                                                                                                                                              • API String ID: 383729395-1019511092
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?), ref: 002C1273
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C1280
                                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,000902B8,00000000,00000000,00000000,00000000,00000000,?), ref: 002C1297
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C12A1
                                                                                                                                                                                                                                              • GetOverlappedResult.KERNEL32(00000000,?,00000000,00000001), ref: 002C12BC
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C12C6
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 002C12DC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CloseControlCreateDeviceEventHandleOverlappedResult
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2847295715-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 002CD4CE
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 002CD4DD
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 002CD4E6
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 002CD4EF
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 002CD504
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,002CD735,002B1E98), ref: 002CD601
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(002CD735,?,002CD735,002B1E98), ref: 002CD60A
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,002CD735,002B1E98), ref: 002CD615
                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,002CD735,002B1E98), ref: 002CD61C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • %s -c8192K -d1 testfile.dat, xrefs: 002BD471
                                                                                                                                                                                                                                              • may be specified, and groups/cores may be repeated. If no group is specified, 0 is assumed., xrefs: 002BCF88
                                                                                                                                                                                                                                              • (creates a notification event if <eventname> does not exist), xrefs: 002BD36B, 002BD370, 002BD382, 002BD394, 002BD3A9
                                                                                                                                                                                                                                              • -n disable default affinity (-a), xrefs: 002BD128
                                                                                                                                                                                                                                              • t : the FILE_ATTRIBUTE_TEMPORARY hint, xrefs: 002BD08C
                                                                                                                                                                                                                                              • -P<count> enable printing a progress dot after each <count> [default=65536], xrefs: 002BD176
                                                                                                                                                                                                                                              • -yr<eventname> waits on event <eventname> before starting the run (including warmup), xrefs: 002BD389
                                                                                                                                                                                                                                              • <partition_drive_letter>:, xrefs: 002BCF22
                                                                                                                                                                                                                                              • note that this can not be specified when using completion routines, xrefs: 002BD0C0
                                                                                                                                                                                                                                              • -Z<size>[K|M|G|b] use a <size> buffer filled with random data as a source for write operations., xrefs: 002BD326
                                                                                                                                                                                                                                              • -ep use paged memory for the NT Kernel Logger [default=non-paged memory], xrefs: 002BD3E3
                                                                                                                                                                                                                                              • Group 0 is filled before Group 1, and so forth., xrefs: 002BCF55
                                                                                                                                                                                                                                              • -r<align>[K|M|G|b] random I/O aligned to <align> in bytes/KiB/MiB/GiB/blocks (overrides -s), xrefs: 002BD190
                                                                                                                                                                                                                                              • [default = q, query perf timer (qpc)], xrefs: 002BD3D8
                                                                                                                                                                                                                                              • absence of this switch indicates 100%% reads, xrefs: 002BD2BB
                                                                                                                                                                                                                                              • [default; use -n to disable default affinity], xrefs: 002BCF63
                                                                                                                                                                                                                                              • -B<offs>[K|M|G|b] base target offset in bytes or KiB/MiB/GiB/blocks [default=0], xrefs: 002BCFD6
                                                                                                                                                                                                                                              • -Z<size>[K|M|G|b],<file> use a <size> buffer filled with data from <file> as a source for write operations., xrefs: 002BD331
                                                                                                                                                                                                                                              • (1=synchronous I/O, unless more than 1 thread is specified with -F), xrefs: 002BD142
                                                                                                                                                                                                                                              • -h deprecated, see -Sh, xrefs: 002BD0DA
                                                                                                                                                                                                                                              • -eREGISTRY registry calls, xrefs: 002BD43B
                                                                                                                                                                                                                                              • -c<size>[K|M|G|b] create files of the given size., xrefs: 002BCFF0
                                                                                                                                                                                                                                              • makes sense only with #threads > 1, xrefs: 002BD294
                                                                                                                                                                                                                                              • Usage: %s [options] target1 [ target2 [ target3 ...] ], xrefs: 002BCEDA
                                                                                                                                                                                                                                              • 2.0.17a, xrefs: 002BCEEA
                                                                                                                                                                                                                                              • -Su disable software caching, equivalent to FILE_FLAG_NO_BUFFERING, xrefs: 002BD246
                                                                                                                                                                                                                                              • -eMEMORY_PAGE_FAULTS all page faults, xrefs: 002BD41A
                                                                                                                                                                                                                                              • version %s (%s), xrefs: 002BCEEF
                                                                                                                                                                                                                                              • I/O operations per thread, disable all caching mechanisms and run block-aligned random, xrefs: 002BD48E
                                                                                                                                                                                                                                              • -z[seed] set random seed [with no -z, seed=0; with plain -z, seed is based on system run time], xrefs: 002BD2FC
                                                                                                                                                                                                                                              • per-target: text output provides IOPs standard deviation, XML provides the full, xrefs: 002BD024
                                                                                                                                                                                                                                              • for example to test only the first sectors of a disk, xrefs: 002BD058
                                                                                                                                                                                                                                              • [default=0] (starting offset = base file offset + (thread number * <offs>), xrefs: 002BD287
                                                                                                                                                                                                                                              • -v verbose mode, xrefs: 002BD2A1
                                                                                                                                                                                                                                              • Additional groups/processors may be added, comma separated, or on separate parameters., xrefs: 002BCF95
                                                                                                                                                                                                                                              • s : the FILE_FLAG_SEQUENTIAL_SCAN hint, xrefs: 002BD07F
                                                                                                                                                                                                                                              • -o<count> number of outstanding I/O requests per target per thread, xrefs: 002BD135
                                                                                                                                                                                                                                              • -f<rst> open file with one or more additional access hints, xrefs: 002BD065
                                                                                                                                                                                                                                              • -e<q|c|s> Use query perf timer (qpc), cycle count, or system timer respectively., xrefs: 002BD3CD
                                                                                                                                                                                                                                              • Size can be stated in bytes or KiB/MiB/GiB/blocks, xrefs: 002BCFFD
                                                                                                                                                                                                                                              • -? display usage information, xrefs: 002BCF3F
                                                                                                                                                                                                                                              • -j<milliseconds> interval in <milliseconds> between issuing IO bursts; see -i [default: inactive], xrefs: 002BD0F4
                                                                                                                                                                                                                                              • In non-interlocked mode, threads do not coordinate, so the pattern of offsets, xrefs: 002BD1C4
                                                                                                                                                                                                                                              • -eDISK_IO physical disk IO, xrefs: 002BD40F
                                                                                                                                                                                                                                              • [default=2], xrefs: 002BD14F
                                                                                                                                                                                                                                              • Create 8192KB file and run read test on it for 1 second:, xrefs: 002BD461
                                                                                                                                                                                                                                              • -eTHREAD thread start & end, xrefs: 002BD3F9
                                                                                                                                                                                                                                              • -R<text|xml> output format. Default is text., xrefs: 002BD19D
                                                                                                                                                                                                                                              • file_path, xrefs: 002BCF0C
                                                                                                                                                                                                                                              • -s[i]<size>[K|M|G|b] sequential stride size, offset between subsequent I/O operations, xrefs: 002BD1AA
                                                                                                                                                                                                                                              • Available targets:, xrefs: 002BCF01
                                                                                                                                                                                                                                              • -C<seconds> cool down time - duration of the test after measurements finished [default=0s]., xrefs: 002BD00A
                                                                                                                                                                                                                                              • -L measure latency statistics, xrefs: 002BD11B
                                                                                                                                                                                                                                              • -F<count> total number of threads (conflicts with -t), xrefs: 002BD0A6
                                                                                                                                                                                                                                              • -ag0,0,1,2 -ag1,0,1,2 is equivalent., xrefs: 002BCFBC
                                                                                                                                                                                                                                              • access read test lasting 10 seconds:, xrefs: 002BD499
                                                                                                                                                                                                                                              • Examples:, xrefs: 002BD454
                                                                                                                                                                                                                                              • manipulate a shared offset with InterlockedIncrement, which may reduce throughput,, xrefs: 002BD1DE
                                                                                                                                                                                                                                              • lasting 10 seconds:, xrefs: 002BD4C8
                                                                                                                                                                                                                                              • -i<count> number of IOs per burst; see -j [default: inactive], xrefs: 002BD0E7
                                                                                                                                                                                                                                              • [default: none], xrefs: 002BD099
                                                                                                                                                                                                                                              • -w<percentage> percentage of write requests (-w and -w0 are equivalent and result in a read-only workload)., xrefs: 002BD2AE
                                                                                                                                                                                                                                              • -I<priority> Set IO priority to <priority>. Available values are: 1-very low, 2-low, 3-normal (default), xrefs: 002BD101
                                                                                                                                                                                                                                              • completed I/O operations, counted separately by each thread , xrefs: 002BD183
                                                                                                                                                                                                                                              • Event Tracing:, xrefs: 002BD3C2
                                                                                                                                                                                                                                              • -Sb enable caching (default, explicitly stated), xrefs: 002BD22C
                                                                                                                                                                                                                                              • -yf<eventname> signals event <eventname> after the actual run finishes (no cooldown), xrefs: 002BD377
                                                                                                                                                                                                                                              • -ag group affinity - affinitize threads round-robin to cores in Processor Groups 0 - n., xrefs: 002BCF4A
                                                                                                                                                                                                                                              • -yp<eventname> stops the run when event <eventname> is set; CTRL+C is bound to this event, xrefs: 002BD39E
                                                                                                                                                                                                                                              • -Sh equivalent -Suw, xrefs: 002BD239
                                                                                                                                                                                                                                              • -x use completion routines instead of I/O Completion Ports, xrefs: 002BD2E2
                                                                                                                                                                                                                                              • -T<offs>[K|M|G|b] starting stride between I/O operations performed on the same target by different threads, xrefs: 002BD27A
                                                                                                                                                                                                                                              • [default inactive], xrefs: 002BD0CD
                                                                                                                                                                                                                                              • IMPORTANT: a write test will destroy existing data without a warning, xrefs: 002BD2C8
                                                                                                                                                                                                                                              • -d<seconds> duration (in seconds) to run test [default=10s], xrefs: 002BD03E
                                                                                                                                                                                                                                              • 2016/5/01, xrefs: 002BCEE5
                                                                                                                                                                                                                                              • -ePROCESS process start & end, xrefs: 002BD3EE
                                                                                                                                                                                                                                              • (ignored if -r specified, -si conflicts with -T and -p), xrefs: 002BD1F8
                                                                                                                                                                                                                                              • -Sr disable local caching, with remote sw caching enabled; only valid for remote filesystems, xrefs: 002BD253
                                                                                                                                                                                                                                              • #<physical drive number>, xrefs: 002BCF17
                                                                                                                                                                                                                                              • specifies Processor Groups for the following CPU core #s. Multiple Processor Groups, xrefs: 002BCF7B
                                                                                                                                                                                                                                              • -ye<eventname> sets event <eventname> and quits, xrefs: 002BD3B0
                                                                                                                                                                                                                                              • %s -b4K -t2 -r -o32 -d10 -h testfile.dat, xrefs: 002BD4A7
                                                                                                                                                                                                                                              • Set block size to 4KB, create 2 threads per file, 32 overlapped (outstanding), xrefs: 002BD483
                                                                                                                                                                                                                                              • -b<size>[K|M|G] block size in bytes or KiB/MiB/GiB [default=64K], xrefs: 002BCFC9
                                                                                                                                                                                                                                              • -l Use large pages for IO buffers, xrefs: 002BD10E
                                                                                                                                                                                                                                              • %s -c1G -b4K -t2 -d10 -a0,1 testfile1.dat testfile2.dat, xrefs: 002BD4D6
                                                                                                                                                                                                                                              • r : the FILE_FLAG_RANDOM_ACCESS hint, xrefs: 002BD072
                                                                                                                                                                                                                                              • -Sw enable writethrough (no hardware write caching), equivalent to FILE_FLAG_WRITE_THROUGH, xrefs: 002BD260
                                                                                                                                                                                                                                              • Available options:, xrefs: 002BCF34
                                                                                                                                                                                                                                              • -eNETWORK TCP/IP, UDP/IP send & receive, xrefs: 002BD430
                                                                                                                                                                                                                                              • [default access=non-interlocked sequential, default stride=block size], xrefs: 002BD1B7
                                                                                                                                                                                                                                              • IOPs time series in addition. [default=1000, 1 second]., xrefs: 002BD031
                                                                                                                                                                                                                                              • -f<size>[K|M|G|b] target size - use only the first <size> bytes or KiB/MiB/GiB/blocks of the file/disk/partition,, xrefs: 002BD04B
                                                                                                                                                                                                                                              • Examples: -a0,1,2 and -ag0,0,1,2 are equivalent., xrefs: 002BCFA2
                                                                                                                                                                                                                                              • -t<count> number of threads per target (conflicts with -F), xrefs: 002BD26D
                                                                                                                                                                                                                                              • but promotes a more sequential pattern., xrefs: 002BD1EB
                                                                                                                                                                                                                                              • to CPUs 0 and 1 (each file will have threads affinitized to both CPUs) and run read test, xrefs: 002BD4BD
                                                                                                                                                                                                                                              • as seen by the target will not be truly sequential. Under -si the threads, xrefs: 002BD1D1
                                                                                                                                                                                                                                              • -ag#,#[,#,...]> advanced CPU affinity - affinitize threads round-robin to the CPUs provided. The g# notation, xrefs: 002BCF6E
                                                                                                                                                                                                                                              • Write buffers:, xrefs: 002BD310
                                                                                                                                                                                                                                              • -eMEMORY_HARD_FAULTS hard faults only, xrefs: 002BD425
                                                                                                                                                                                                                                              • -eIMAGE_LOAD image load, xrefs: 002BD404
                                                                                                                                                                                                                                              • -g<bytes per ms> throughput per-thread per-target throttled to given bytes per millisecond, xrefs: 002BD0B3
                                                                                                                                                                                                                                              • -S equivalent to -Su, xrefs: 002BD21F
                                                                                                                                                                                                                                              • -p start parallel sequential I/O operations with the same offset, xrefs: 002BD15C
                                                                                                                                                                                                                                              • Synchronization:, xrefs: 002BD355
                                                                                                                                                                                                                                              • -ys<eventname> signals event <eventname> before starting the actual run (no warmup), xrefs: 002BD360
                                                                                                                                                                                                                                              • non-conflicting flags may be combined in any order; ex: -Sbw, -Suw, -Swu, xrefs: 002BD212
                                                                                                                                                                                                                                              • (ignored if -r is specified, makes sense only with -o2 or greater), xrefs: 002BD169
                                                                                                                                                                                                                                              • (offset from the beginning of the file), xrefs: 002BCFE3
                                                                                                                                                                                                                                              • By default, the write buffers are filled with a repeating pattern (0, 1, 2, ..., 255, 0, 1, ...), xrefs: 002BD343
                                                                                                                                                                                                                                              • -D<milliseconds> Capture IOPs statistics in intervals of <milliseconds>; these are per-thread, xrefs: 002BD017
                                                                                                                                                                                                                                              • -Z zero buffers used for write tests, xrefs: 002BD31B
                                                                                                                                                                                                                                              • -W<seconds> warm up time - duration of the test before measurements start [default=5s], xrefs: 002BD2D5
                                                                                                                                                                                                                                              • Create two 1GB files, set block size to 4KB, create 2 threads per file, affinitize threads, xrefs: 002BD4B2
                                                                                                                                                                                                                                              • -S[bhruw] control caching behavior [default: caching is enabled, no writethrough], xrefs: 002BD205
                                                                                                                                                                                                                                              • -X<filepath> use an XML file for configuring the workload. Cannot be used with other parameters., xrefs: 002BD2EF
                                                                                                                                                                                                                                              • -ag0,0,1,2,g1,0,1,2 specifies the first three cores in groups 0 and 1., xrefs: 002BCFAF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: printf
                                                                                                                                                                                                                                              • String ID: -ag0,0,1,2 -ag1,0,1,2 is equivalent.$ -ag0,0,1,2,g1,0,1,2 specifies the first three cores in groups 0 and 1.$ (1=synchronous I/O, unless more than 1 thread is specified with -F)$ (ignored if -r is specified, makes sense only with -o2 or greater)$ (ignored if -r specified, -si conflicts with -T and -p)$ (offset from the beginning of the file)$ Additional groups/processors may be added, comma separated, or on separate parameters.$ Examples: -a0,1,2 and -ag0,0,1,2 are equivalent.$ Group 0 is filled before Group 1, and so forth.$ IMPORTANT: a write test will destroy existing data without a warning$ IOPs time series in addition. [default=1000, 1 second].$ In non-interlocked mode, threads do not coordinate, so the pattern of offsets$ Size can be stated in bytes or KiB/MiB/GiB/blocks$ [default = q, query perf timer (qpc)]$ [default access=non-interlocked sequential, default stride=block size]$ [default inactive]$ [default: none]$ [default; use -n to disable default affinity]$ [default=0] (starting offset = base file offset + (thread number * <offs>)$ [default=2]$ as seen by the target will not be truly sequential. Under -si the threads$ but promotes a more sequential pattern.$ completed I/O operations, counted separately by each thread $ for example to test only the first sectors of a disk$ makes sense only with #threads > 1$ manipulate a shared offset with InterlockedIncrement, which may reduce throughput,$ may be specified, and groups/cores may be repeated. 
If no group is specified, 0 is assumed.$ non-conflicting flags may be combined in any order; ex: -Sbw, -Suw, -Swu$ note that this can not be specified when using completion routines$ per-target: text output provides IOPs standard deviation, XML provides the full$ r : the FILE_FLAG_RANDOM_ACCESS hint$ s : the FILE_FLAG_SEQUENTIAL_SCAN hint$ specifies Processor Groups for the following CPU core #s. Multiple Processor Groups$ t : the FILE_ATTRIBUTE_TEMPORARY hint$ absence of this switch indicates 100%% reads$ (creates a notification event if <eventname> does not exist)$ #<physical drive number>$ <partition_drive_letter>:$ file_path$ %s -b4K -t2 -r -o32 -d10 -h testfile.dat$ %s -c1G -b4K -t2 -d10 -a0,1 testfile1.dat testfile2.dat$ %s -c8192K -d1 testfile.dat$ -? display usage information$ -B<offs>[K|M|G|b] base target offset in bytes or KiB/MiB/GiB/blocks [default=0]$ -C<seconds> cool down time - duration of the test after measurements finished [default=0s].$ -D<milliseconds> Capture IOPs statistics in intervals of <milliseconds>; these are per-thread$ -F<count> total number of threads (conflicts with -t)$ -I<priority> Set IO priority to <priority>. Available values are: 1-very low, 2-low, 3-normal (default)$ -L measure latency statistics$ -P<count> enable printing a progress dot after each <count> [default=65536]$ -R<text|xml> output format. 
Default is text.$ -S equivalent to -Su$ -S[bhruw] control caching behavior [default: caching is enabled, no writethrough]$ -Sb enable caching (default, explicitly stated)$ -Sh equivalent -Suw$ -Sr disable local caching, with remote sw caching enabled; only valid for remote filesystems$ -Su disable software caching, equivalent to FILE_FLAG_NO_BUFFERING$ -Sw enable writethrough (no hardware write caching), equivalent to FILE_FLAG_WRITE_THROUGH$ -T<offs>[K|M|G|b] starting stride between I/O operations performed on the same target by different threads$ -W<seconds> warm up time - duration of the test before measurements start [default=5s]$ -X<filepath> use an XML file for configuring the workload. Cannot be used with other parameters.$ -Z zero buffers used for write tests$ -Z<size>[K|M|G|b] use a <size> buffer filled with random data as a source for write operations.$ -Z<size>[K|M|G|b],<file> use a <size> buffer filled with data from <file> as a source for write operations.$ -ag group affinity - affinitize threads round-robin to cores in Processor Groups 0 - n.$ -ag#,#[,#,...]> advanced CPU affinity - affinitize threads round-robin to the CPUs provided. 
The g# notation$ -b<size>[K|M|G] block size in bytes or KiB/MiB/GiB [default=64K]$ -c<size>[K|M|G|b] create files of the given size.$ -d<seconds> duration (in seconds) to run test [default=10s]$ -e<q|c|s> Use query perf timer (qpc), cycle count, or system timer respectively.$ -eDISK_IO physical disk IO$ -eIMAGE_LOAD image load$ -eMEMORY_HARD_FAULTS hard faults only$ -eMEMORY_PAGE_FAULTS all page faults$ -eNETWORK TCP/IP, UDP/IP send & receive$ -ePROCESS process start & end$ -eREGISTRY registry calls$ -eTHREAD thread start & end$ -ep use paged memory for the NT Kernel Logger [default=non-paged memory]$ -f<rst> open file with one or more additional access hints$ -f<size>[K|M|G|b] target size - use only the first <size> bytes or KiB/MiB/GiB/blocks of the file/disk/partition,$ -g<bytes per ms> throughput per-thread per-target throttled to given bytes per millisecond$ -h deprecated, see -Sh$ -i<count> number of IOs per burst; see -j [default: inactive]$ -j<milliseconds> interval in <milliseconds> between issuing IO bursts; see -i [default: inactive]$ -l Use large pages for IO buffers$ -n disable default affinity (-a)$ -o<count> number of outstanding I/O requests per target per thread$ -p start parallel sequential I/O operations with the same offset$ -r<align>[K|M|G|b] random I/O aligned to <align> in bytes/KiB/MiB/GiB/blocks (overrides -s)$ -s[i]<size>[K|M|G|b] sequential stride size, offset between subsequent I/O operations$ -t<count> number of threads per target (conflicts with -F)$ -v verbose mode$ -w<percentage> percentage of write requests (-w and -w0 are equivalent and result in a read-only workload).$ -x use completion routines instead of I/O Completion Ports$ -ye<eventname> sets event <eventname> and quits$ -yf<eventname> signals event <eventname> after the actual run finishes (no cooldown)$ -yp<eventname> stops the run when event <eventname> is set; CTRL+C is bound to this event$ -yr<eventname> waits on event <eventname> before starting the run (including 
warmup)$ -ys<eventname> signals event <eventname> before starting the actual run (no warmup)$ -z[seed] set random seed [with no -z, seed=0; with plain -z, seed is based on system run time]$ By default, the write buffers are filled with a repeating pattern (0, 1, 2, ..., 255, 0, 1, ...)$2.0.17a$2016/5/01$Available options:$Available targets:$Create 8192KB file and run read test on it for 1 second:$Create two 1GB files, set block size to 4KB, create 2 threads per file, affinitize threads$Event Tracing:$Examples:$I/O operations per thread, disable all caching mechanisms and run block-aligned random$Set block size to 4KB, create 2 threads per file, 32 overlapped (outstanding)$Synchronization:$Usage: %s [options] target1 [ target2 [ target3 ...] ]$Write buffers:$access read test lasting 10 seconds:$lasting 10 seconds:$to CPUs 0 and 1 (each file will have threads affinitized to both CPUs) and run read test$version %s (%s)
                                                                                                                                                                                                                                              • API String ID: 3524737521-2699309960
                                                                                                                                                                                                                                              • Opcode ID: adfc4fdc5f8246d75b106a143e25142de4dc1730bfd20d5559958deaa24a1bc3
                                                                                                                                                                                                                                              • Instruction ID: ae620ff6e2380e0927df83d993a659e1c6e30c420907319abf6d066c80b2a2ca
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adfc4fdc5f8246d75b106a143e25142de4dc1730bfd20d5559958deaa24a1bc3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5D13E75956680DFC7007FA4B84D59CBFB4EE6A742B41CC0BEECA45252CB7489D88B32
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • ERROR: need to specify -j<think time> with -i<burst size>, xrefs: 002BBDEE
                                                                                                                                                                                                                                              • ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u, xrefs: 002BBF68
                                                                                                                                                                                                                                              • ERROR: -T has no effect unless multiple threads per target are used, xrefs: 002BBF2F
                                                                                                                                                                                                                                              • ERROR: affinity assignment to group %u core %u not possible; group only has %u cores, xrefs: 002BBCAA
                                                                                                                                                                                                                                              • ERROR: -si conflicts with -p, xrefs: 002BBEDC
                                                                                                                                                                                                                                              • WARNING: single-threaded test, -si ignored, xrefs: 002BBEFE
                                                                                                                                                                                                                                              • WARNING: -z is ignored if -r is not provided, xrefs: 002BBE93
                                                                                                                                                                                                                                              • ERROR: no timespans specified, xrefs: 002BBBFB
                                                                                                                                                                                                                                              • ERROR: -si conflicts with -r, xrefs: 002BBE3C
                                                                                                                                                                                                                                              • ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix), xrefs: 002BBCFF
                                                                                                                                                                                                                                              • ERROR: -p conflicts with -r, xrefs: 002BBE61
                                                                                                                                                                                                                                              • WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1, xrefs: 002BBE77
                                                                                                                                                                                                                                              • ERROR: -g throughput control cannot be used with -x completion routines, xrefs: 002BBDBD
                                                                                                                                                                                                                                              • WARNING: target access pattern will not be sequential, consider -si, xrefs: 002BBF23
                                                                                                                                                                                                                                              • ERROR: affinity assignment to group %u; system only has %u groups, xrefs: 002BBC5C
                                                                                                                                                                                                                                              • ERROR: -n and -a parameters cannot be used together, xrefs: 002BBD3C
                                                                                                                                                                                                                                              • ERROR: -T conflicts with -r, xrefs: 002BBE1B
                                                                                                                                                                                                                                              • WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64., xrefs: 002BBBC5
                                                                                                                                                                                                                                              • ERROR: -F and -t parameters cannot be used together, xrefs: 002BBD96
                                                                                                                                                                                                                                              • ERROR: -si conflicts with -T, xrefs: 002BBEBB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: fprintf$__iob_func
                                                                                                                                                                                                                                              • String ID: ERROR: -F and -t parameters cannot be used together$ERROR: -T conflicts with -r$ERROR: -T has no effect unless multiple threads per target are used$ERROR: -g throughput control cannot be used with -x completion routines$ERROR: -n and -a parameters cannot be used together$ERROR: -p conflicts with -r$ERROR: -si conflicts with -T$ERROR: -si conflicts with -p$ERROR: -si conflicts with -r$ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix)$ERROR: affinity assignment to group %u core %u not possible; group only has %u cores$ERROR: affinity assignment to group %u; system only has %u groups$ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u$ERROR: need to specify -j<think time> with -i<burst size>$ERROR: no timespans specified$WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1$WARNING: -z is ignored if -r is not provided$WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64.$WARNING: single-threaded test, -si ignored$WARNING: target access pattern will not be sequential, consider -si
                                                                                                                                                                                                                                              • API String ID: 2177900033-102208394
                                                                                                                                                                                                                                              • Opcode ID: e0f74757f5aa475c19a1344634e63c1ba45e4e68ff8ae3f7f7d0e4c333b0822b
                                                                                                                                                                                                                                              • Instruction ID: 95f75236f0bef0623f0b3a0f3e550070afcaae95703b9dd242d3775c269d9953
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0f74757f5aa475c19a1344634e63c1ba45e4e68ff8ae3f7f7d0e4c333b0822b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BC10A31928381EEE725AF24D84EBAAF7D89F41751F14890EF08596182D7F4E864CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • sprintf_s.MSVCRT ref: 002BB8BC
                                                                                                                                                                                                                                                • Part of subcall function 002BB41D: sprintf_s.MSVCRT ref: 002BB51C
                                                                                                                                                                                                                                                • Part of subcall function 002BB41D: sprintf_s.MSVCRT ref: 002BB550
                                                                                                                                                                                                                                                • Part of subcall function 002BA1B9: memcpy.MSVCRT ref: 002BA1DB
                                                                                                                                                                                                                                                • Part of subcall function 002BA1B9: ??3@YAXPAX@Z.MSVCRT ref: 002BA1E4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: sprintf_s$??3@memcpy
                                                                                                                                                                                                                                              • String ID: </Profile>$</TimeSpans>$<DiskIO>false</DiskIO>$<DiskIO>true</DiskIO>$<ImageLoad>false</ImageLoad>$<ImageLoad>true</ImageLoad>$<MemoryHardFaults>false</MemoryHardFaults>$<MemoryHardFaults>true</MemoryHardFaults>$<MemoryPageFaults>false</MemoryPageFaults>$<MemoryPageFaults>true</MemoryPageFaults>$<Network>false</Network>$<Network>true</Network>$<PrecreateFiles>CreateOnlyFilesWithConstantOrZeroSizes</PrecreateFiles>$<PrecreateFiles>CreateOnlyFilesWithConstantSizes</PrecreateFiles>$<PrecreateFiles>UseMaxSize</PrecreateFiles>$<Process>false</Process>$<Process>true</Process>$<Profile>$<Progress>%u</Progress>$<Registry>false</Registry>$<Registry>true</Registry>$<ResultFormat>* UNSUPPORTED *</ResultFormat>$<ResultFormat>text</ResultFormat>$<ResultFormat>xml</ResultFormat>$<Thread>false</Thread>$<Thread>true</Thread>$<TimeSpans>$<UseCyclesCounter>false</UseCyclesCounter>$<UseCyclesCounter>true</UseCyclesCounter>$<UsePagedMemory>false</UsePagedMemory>$<UsePagedMemory>true</UsePagedMemory>$<UsePerfTimer>false</UsePerfTimer>$<UsePerfTimer>true</UsePerfTimer>$<UseSystemTimer>false</UseSystemTimer>$<UseSystemTimer>true</UseSystemTimer>$<Verbose>false</Verbose>$<Verbose>true</Verbose>
                                                                                                                                                                                                                                              • API String ID: 615691289-2790193338
                                                                                                                                                                                                                                              • Opcode ID: dd23bd41666a560d7d921892eee7aa9f90b316d19cca2abab38338df4eb48159
                                                                                                                                                                                                                                              • Instruction ID: e5c631de0640ddbb4b6210d57f1e843bb251a3734dc1311ffb2caccb9fc87102
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd23bd41666a560d7d921892eee7aa9f90b316d19cca2abab38338df4eb48159
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1813E61D30671BAD725AA214C45BFE668CAF053F0F54017AF8456B382CFA46DB84BD0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: sprintf_s
                                                                                                                                                                                                                                              • String ID: </Affinity>$</Targets>$</TimeSpan>$<Affinity>$<AffinityGroupAssignment Group="%u" Processor="%u"/>$<CalculateIopsStdDev>false</CalculateIopsStdDev>$<CalculateIopsStdDev>true</CalculateIopsStdDev>$<CompletionRoutines>false</CompletionRoutines>$<CompletionRoutines>true</CompletionRoutines>$<Cooldown>%u</Cooldown>$<DisableAffinity>false</DisableAffinity>$<DisableAffinity>true</DisableAffinity>$<Duration>%u</Duration>$<IoBucketDuration>%u</IoBucketDuration>$<MeasureLatency>false</MeasureLatency>$<MeasureLatency>true</MeasureLatency>$<RandSeed>%u</RandSeed>$<Targets>$<ThreadCount>%u</ThreadCount>$<TimeSpan>$<Warmup>%u</Warmup>
                                                                                                                                                                                                                                              • API String ID: 2907819478-3937871512
                                                                                                                                                                                                                                              • Opcode ID: 018544e55977a90adfefa2f3743323089760d322efc50f1c280c7017d3947db5
                                                                                                                                                                                                                                              • Instruction ID: ef7602e7e15f40529f4372ddb37c9c13fa27e8f9d590ff39e0212196b3ffe90d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 018544e55977a90adfefa2f3743323089760d322efc50f1c280c7017d3947db5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B91D8B2D10254BBCB30EB608C45EEFB3BCEB44790F14056EF599A7242DA74AD948F60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C0004
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: __EH_prolog3_GS.LIBCMT ref: 002C0877
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: memset.MSVCRT ref: 002C090E
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 002C0949
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: SysFreeString.OLEAUT32(?), ref: 002C097D
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: VariantClear.OLEAUT32(?), ref: 002C098A
                                                                                                                                                                                                                                                • Part of subcall function 002C06E9: __EH_prolog3_GS.LIBCMT ref: 002C06F0
                                                                                                                                                                                                                                                • Part of subcall function 002C06E9: _wtoi.MSVCRT ref: 002C075A
                                                                                                                                                                                                                                                • Part of subcall function 002C06E9: SysFreeString.OLEAUT32(?), ref: 002C0769
                                                                                                                                                                                                                                                • Part of subcall function 002C06E9: VariantClear.OLEAUT32(?), ref: 002C0773
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3_$ClearFreeStringVariant$ByteCharMultiWide_wtoimemset
                                                                                                                                                                                                                                              • String ID: BaseFileOffset$BlockSize$BurstSize$DisableAllCache$DisableLocalCache$DisableOSCache$FileSize$IOPriority$InterlockedSequential$MaxFileSize$ParallelAsyncIO$Path$Random$RandomAccess$RequestCount$SequentialScan$StrideSize$TemporaryFile$ThinkTime$ThreadStride$ThreadsPerFile$Throughput$UseLargePages$WriteRatio$WriteThrough
                                                                                                                                                                                                                                              • API String ID: 283221528-1607452813
                                                                                                                                                                                                                                              • Opcode ID: 976ddbe928c12892411c31453722d0a7bc3c881f71777a99fcf07052c3dadecb
                                                                                                                                                                                                                                              • Instruction ID: cc94ae234f967f20c2f4306a26740b39da0c82e958c54b23ba032619f8be283b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 976ddbe928c12892411c31453722d0a7bc3c881f71777a99fcf07052c3dadecb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77D18172D21666EEDB25DB68C8C5FDEB7A8AB05740F050319ED54A7302D7B0EC248BD1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ??3@$Xmemstd::tr1::_$mallocmemmove
                                                                                                                                                                                                                                              • String ID: `f-,$`f-,$`f-,$f-,$f-,
                                                                                                                                                                                                                                              • API String ID: 4037358618-2948510796
                                                                                                                                                                                                                                              • Opcode ID: dfdd719f43ce562008571f5fc415d0da9baf6c60e3191fcbf2bc41d5758f3d82
                                                                                                                                                                                                                                              • Instruction ID: 7f04bfa2704f89168c534c1a39daab4355541a550a2ef3f6831abcd46c22269d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfdd719f43ce562008571f5fc415d0da9baf6c60e3191fcbf2bc41d5758f3d82
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8841E772510525EFCB24DF68D985E5AFBEDEF86720B24825EF908CB244DA71ED10CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C1C76
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • t[%u:%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 002C1C90
                                                                                                                                                                                                                                              • write, xrefs: 002C1D78
                                                                                                                                                                                                                                              • read, xrefs: 002C1D71, 002C1D84
                                                                                                                                                                                                                                              • Thread %u failed executing an I/O operation (error code: %u), xrefs: 002C1B8D
                                                                                                                                                                                                                                              • t[%u:%u] error during %s error code: %u), xrefs: 002C1D8C
                                                                                                                                                                                                                                              • Warning: thread %u transferred %u bytes instead of %u bytes, xrefs: 002C1BDF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                              • String ID: Thread %u failed executing an I/O operation (error code: %u)$Warning: thread %u transferred %u bytes instead of %u bytes$read$t[%u:%u] error during %s error code: %u)$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$write
                                                                                                                                                                                                                                              • API String ID: 885266447-1044934336
                                                                                                                                                                                                                                              • Opcode ID: c504e3f2f9999d122ad22c6c6fde36b08d25568f6d2a80b63c011acac819959b
                                                                                                                                                                                                                                              • Instruction ID: a651490ec7fb8a2f7f60dd43a93b0684fbaa231dba3c6a4f23c6bfe0b23ea6a1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c504e3f2f9999d122ad22c6c6fde36b08d25568f6d2a80b63c011acac819959b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A718A755142019FCB14DF18C885E6ABBE5FF8A314F0845ADF8488B266C730EC65CF92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 002C10AB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C10B8
                                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(?,00070000,00000000,00000000,00000001,00000018,?,?), ref: 002C10ED
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C10F9
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002C110B
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C1115
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 002C1138
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • ERROR: Failed to create event (error code: %u), xrefs: 002C10BF
                                                                                                                                                                                                                                              • ERROR: Could not obtain drive geometry (error code: %u), xrefs: 002C1129
                                                                                                                                                                                                                                              • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 002C111C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                                                                              • String ID: ERROR: Could not obtain drive geometry (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                                                                              • API String ID: 3935222316-3021154126
                                                                                                                                                                                                                                              • Opcode ID: 06bbc50496bbb9059add28aa99f6dc13cf4bbfc2b270b140bf69b23624533bcf
                                                                                                                                                                                                                                              • Instruction ID: 6e58ebb76b6ec134f22993f6b91c1d2fe08c3659e4bf7790f3294e5a6772e65f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06bbc50496bbb9059add28aa99f6dc13cf4bbfc2b270b140bf69b23624533bcf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4021F632D21145FF9B119FA1DC0EEBFBBBDEB99710B10421DF905E2050DA748D21CA61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 002C0FD6
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C0FE3
                                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(?,00074004,00000000,00000000,?,00000020,?,00000003), ref: 002C1015
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C1021
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002C1033
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C103D
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 002C1060
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • ERROR: Failed to create event (error code: %u), xrefs: 002C0FEA
                                                                                                                                                                                                                                              • ERROR: Could not obtain partition info (error code: %u), xrefs: 002C1051
                                                                                                                                                                                                                                              • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 002C1044
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                                                                              • String ID: ERROR: Could not obtain partition info (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                                                                              • API String ID: 3935222316-1037057180
                                                                                                                                                                                                                                              • Opcode ID: 77244fe9746cbf270cfee152f0ecd455d0a444c5fe1cf07a654a7f91215560e5
                                                                                                                                                                                                                                              • Instruction ID: cd4c08dada8c4db2fadbb724f174dc03c2bf5c456e8b94e4b032f92c57401279
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77244fe9746cbf270cfee152f0ecd455d0a444c5fe1cf07a654a7f91215560e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8921F831D21144FF97209FA5EC0EEAFB779EB96711B10421EFD01E2150DA209C65C6A5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C0583
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002C06CC
                                                                                                                                                                                                                                                • Part of subcall function 002C0790: __EH_prolog3_GS.LIBCMT ref: 002C0797
                                                                                                                                                                                                                                                • Part of subcall function 002C0790: _wtoi.MSVCRT ref: 002C081D
                                                                                                                                                                                                                                                • Part of subcall function 002C0790: SysFreeString.OLEAUT32(?), ref: 002C082C
                                                                                                                                                                                                                                                • Part of subcall function 002C0790: SysFreeString.OLEAUT32(?), ref: 002C083D
                                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 002C066A
                                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 002C0692
                                                                                                                                                                                                                                                • Part of subcall function 002CD7CD: __iob_func.MSVCRT ref: 002CD7D2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Processor, xrefs: 002C0643
                                                                                                                                                                                                                                              • ERROR: profile specifies group assignment to core %u, out of range, xrefs: 002C065C
                                                                                                                                                                                                                                              • Group, xrefs: 002C0629
                                                                                                                                                                                                                                              • ERROR: profile specifies group assignment group %u, out of range, xrefs: 002C0684
                                                                                                                                                                                                                                              • Affinity/AffinityGroupAssignment, xrefs: 002C0592
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3_String$ClearFreeVariantfprintf$AllocByteCharMultiWide__iob_func_wtoifree
                                                                                                                                                                                                                                              • String ID: Affinity/AffinityGroupAssignment$ERROR: profile specifies group assignment group %u, out of range$ERROR: profile specifies group assignment to core %u, out of range$Group$Processor
                                                                                                                                                                                                                                              • API String ID: 1108869389-696485494
                                                                                                                                                                                                                                              • Opcode ID: 482afaff08aba15b5d39d6b376abe1a533c65a3ba37d6ba07c15902cf2239e6b
                                                                                                                                                                                                                                              • Instruction ID: 4542d7bfcfa2bca0dcadba4148934b0c9a557cf7d601483806dc96b7964fb02c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 482afaff08aba15b5d39d6b376abe1a533c65a3ba37d6ba07c15902cf2239e6b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33419A71D2122ADFDB10EFA4D889EAEBB74AF48700F104229E905B7251C734AD25DBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFileEx.KERNEL32(00000010,00000000,00000004,?,002C1B60,000000B8,00000000,?), ref: 002C1E66
                                                                                                                                                                                                                                              • WriteFileEx.KERNEL32(00000010,00000000,?,00000000,00000004,?,002C1B60,000000B8,00000000,?), ref: 002C1E92
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002C1EEE
                                                                                                                                                                                                                                              • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000001,000000B8,00000000,?), ref: 002C1F20
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$ErrorLastObjectReadSingleWaitWrite
                                                                                                                                                                                                                                              • String ID: Error in thread %u during WaitForSingleObjectEx (in completion routines)$read$t[%u:%u] error during %s error code: %u)$write
                                                                                                                                                                                                                                              • API String ID: 781436170-3983133461
                                                                                                                                                                                                                                              • Opcode ID: 851a28f7232ecfe1f7622b33584f934b26d3870528ef8d5b2fcbc9c9621811bc
                                                                                                                                                                                                                                              • Instruction ID: e82bbc552924217e085229d72b35490cece4bffafd6e1d8ac3ff158e9d37883e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 851a28f7232ecfe1f7622b33584f934b26d3870528ef8d5b2fcbc9c9621811bc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47515A71D10216AFCB14DF98C846AAEBBB5FF49310F15826AE819A3652C734AC75CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002BFE84
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002BFFE0
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: __EH_prolog3_GS.LIBCMT ref: 002C0877
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: memset.MSVCRT ref: 002C090E
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 002C0949
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: SysFreeString.OLEAUT32(?), ref: 002C097D
                                                                                                                                                                                                                                                • Part of subcall function 002C086D: VariantClear.OLEAUT32(?), ref: 002C098A
                                                                                                                                                                                                                                                • Part of subcall function 002BC383: memcmp.MSVCRT ref: 002BC3AF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClearH_prolog3_Variant$ByteCharMultiStringWide$AllocFreefreememcmpmemset
                                                                                                                                                                                                                                              • String ID: Pattern$WriteBufferContent$random$sequential$zero
                                                                                                                                                                                                                                              • API String ID: 1455204710-842192564
                                                                                                                                                                                                                                              • Opcode ID: d8d3e51636371ece00e5f8fff6dc7262f14e8ee1460633244cc2d256c673a4c0
                                                                                                                                                                                                                                              • Instruction ID: af2900e0d92b762f59798d4fb2c3ab73c6af08d4d0c5a0b9e2e98db56bc3f6d4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8d3e51636371ece00e5f8fff6dc7262f14e8ee1460633244cc2d256c673a4c0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC41B132C20225AFDB11EBA4DC45BEEBB78AF053A0F154029F901B7281DB70AD55CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • printf.MSVCRT ref: 002B9DA0
                                                                                                                                                                                                                                              • SetEvent.KERNEL32 ref: 002B9DAD
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 002B9DB7
                                                                                                                                                                                                                                                • Part of subcall function 002CD7CD: __iob_func.MSVCRT ref: 002CD7D2
                                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 002B9DCC
                                                                                                                                                                                                                                              • SetConsoleCtrlHandler.KERNEL32(002B9D90,00000000), ref: 002B9DDC
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***, xrefs: 002B9D9B
                                                                                                                                                                                                                                              • Warning: Setting abort event failed (error code: %u), xrefs: 002B9DBE
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleCtrlErrorEventHandlerLast__iob_funcfprintfprintf
                                                                                                                                                                                                                                              • String ID: *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***$Warning: Setting abort event failed (error code: %u)
                                                                                                                                                                                                                                              • API String ID: 2832824574-2030963000
                                                                                                                                                                                                                                              • Opcode ID: 84deed2f5478d075a84ad865c0d3410879c7918a13413b92802edbbfec9f0f5e
                                                                                                                                                                                                                                              • Instruction ID: 80f34c63c29ca34739bd4bba09941c1064d2b22f04d13a25fb642cad1846617e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84deed2f5478d075a84ad865c0d3410879c7918a13413b92802edbbfec9f0f5e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CF03031A65242EFE7103BA1BC0EB667B59DB65752F508426F609900A2EAB088B8C561
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 002C834C: memset.MSVCRT ref: 002C8379
                                                                                                                                                                                                                                                • Part of subcall function 002C834C: vsprintf_s.MSVCRT ref: 002C838D
                                                                                                                                                                                                                                              • sprintf_s.MSVCRT ref: 002C8F18
                                                                                                                                                                                                                                              • sprintf_s.MSVCRT ref: 002C8FED
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 002C8FE2
                                                                                                                                                                                                                                              • CPU | Usage | User | Kernel | Idle, xrefs: 002C8E41
                                                                                                                                                                                                                                              • %4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 002C8F0D
                                                                                                                                                                                                                                              • -------------------------------------------, xrefs: 002C8E50, 002C8F90
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: sprintf_s$memsetvsprintf_s
                                                                                                                                                                                                                                              • String ID: CPU | Usage | User | Kernel | Idle$%4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%$-------------------------------------------$avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%
                                                                                                                                                                                                                                              • API String ID: 1157834829-6584663
                                                                                                                                                                                                                                              • Opcode ID: d1ddcd894dfc1b319e1bc4e08ffa7ef2be85687d8a709c92c1ef079474f18996
                                                                                                                                                                                                                                              • Instruction ID: 9ebf061ad9f4627226c1bcecc118a4da287ec461c67ea4b175b4dc3297419fb7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1ddcd894dfc1b319e1bc4e08ffa7ef2be85687d8a709c92c1ef079474f18996
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D519D71A18B45A7D3057F20E449A9ABBF8FFC4380F614D8DF1C46116AEF3289748B86
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 002C5F4B
                                                                                                                                                                                                                                              • std::tr1::_Xmem.LIBCPMT ref: 002C5F70
                                                                                                                                                                                                                                                • Part of subcall function 002CCA2B: malloc.MSVCRT ref: 002CCA42
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ??3@Xmemmallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID: `f-,$`f-,$f-,$f-,
                                                                                                                                                                                                                                              • API String ID: 1885858825-632518425
                                                                                                                                                                                                                                              • Opcode ID: ce24a139f74afd0ede6189c4057674162ecac2ef399705d8fe4bd3595c3e6ebf
                                                                                                                                                                                                                                              • Instruction ID: b505a6f6b22438547b73a705e884e910a7fa171e79447b5d5463ae6658c23343
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce24a139f74afd0ede6189c4057674162ecac2ef399705d8fe4bd3595c3e6ebf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C012672524535DBCB18DF9CDC85F0ABBEDDF86720B24425EE808CF205DA70ED108AA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

APIs
• __EH_prolog3_GS.LIBCMT ref: 002BF165
• VariantClear.OLEAUT32 ref: 002BF17A
• malloc.MSVCRT ref: 002BF1E8
• MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
• SysAllocString.OLEAUT32(00000000), ref: 002BF228
• free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
Memory Dump Source
• Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
Similarity
• API ID: AllocByteCharClearH_prolog3_MultiStringVariantWidefreemalloc
• String ID:
• API String ID: 1623262104-0
• Opcode ID: fe1a4b33aa751c264bb00f46201014aa31ae52d8891afa754a267784c1d2e256
• Instruction ID: 080fac8e1a38755d7dbccc73ec0073d470cd083c74ccfdc59e41f8912cfad364
• Opcode Fuzzy Hash: fe1a4b33aa751c264bb00f46201014aa31ae52d8891afa754a267784c1d2e256
• Instruction Fuzzy Hash: A3310835920207CBDF14DF68DD546ED77A4EF85360B24823EE919EB292DB708C15CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
• Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block, xrefs: 002BCCC1
Memory Dump Source
• Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
Similarity
• API ID: __aulldiv$fprintftoupper
• String ID: Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block
• API String ID: 2363179844-1600532622
• Opcode ID: ea3e0002ae86a579899a50dade3f06cbf6e85ee82becde9455c260a1143f9a9b
• Instruction ID: fcba7476100d96e603b9d4384529d8eb0490d00a0ea73af0b6e47b575635ae26
• Opcode Fuzzy Hash: ea3e0002ae86a579899a50dade3f06cbf6e85ee82becde9455c260a1143f9a9b
• Instruction Fuzzy Hash: 56418E755642539FC710CE188804BEB7FD4EBD23E0F39462FF8A99B250D2309C158B96
Uniqueness

Uniqueness Score: -1.00%

APIs
• __EH_prolog3_GS.LIBCMT ref: 002BFD38
  • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
  • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
  • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
  • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
  • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
• VariantClear.OLEAUT32(?), ref: 002BFE60
  • Part of subcall function 002C09AA: __EH_prolog3_GS.LIBCMT ref: 002C09B1
  • Part of subcall function 002C09AA: _wtoi64.MSVCRT ref: 002C0A1B
  • Part of subcall function 002C09AA: SysFreeString.OLEAUT32(?), ref: 002C0A2D
  • Part of subcall function 002C09AA: VariantClear.OLEAUT32(?), ref: 002C0A37
  • Part of subcall function 002C086D: __EH_prolog3_GS.LIBCMT ref: 002C0877
  • Part of subcall function 002C086D: memset.MSVCRT ref: 002C090E
  • Part of subcall function 002C086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 002C0949
  • Part of subcall function 002C086D: SysFreeString.OLEAUT32(?), ref: 002C097D
  • Part of subcall function 002C086D: VariantClear.OLEAUT32(?), ref: 002C098A
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
Similarity
• API ID: ClearH_prolog3_Variant$String$ByteCharFreeMultiWide$Alloc_wtoi64freememset
• String ID: FilePath$RandomDataSource$SizeInBytes
• API String ID: 315616386-221587684
• Opcode ID: 134cf9de9bdcc78f12e8b4afda3a5850caa44bcf28a77b25e0fe287a31e8e722
• Instruction ID: a623a5dc453f003c0efad60c75f878427d2593e7f95ebc0b73545c0fbf683bb9
• Opcode Fuzzy Hash: 134cf9de9bdcc78f12e8b4afda3a5850caa44bcf28a77b25e0fe287a31e8e722
• Instruction Fuzzy Hash: F1419F32D21228DFDB11EFA8CC55BEDB7B4AF08750F054128E915B7252DB70AD19CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
• __EH_prolog3_GS.LIBCMT ref: 002C047C
  • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
  • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
  • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
  • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
  • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
• _wtoi.MSVCRT ref: 002C052F
• SysFreeString.OLEAUT32(?), ref: 002C0543
• VariantClear.OLEAUT32(?), ref: 002C055F
Strings
• Affinity/AffinityAssignment, xrefs: 002C048B
Memory Dump Source
• Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
• Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
Similarity
• API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
• String ID: Affinity/AffinityAssignment
• API String ID: 1474463088-139104479
• Opcode ID: 485a52fdc53be7eee32b66d76bb9a8dcb03cccb87d0a51eace0f86623e76dd48
• Instruction ID: 8ddfdab8880d7bc9e042dd87e43fae80bd0e0d7ba79f3a0028aca346a40590fe
• Opcode Fuzzy Hash: 485a52fdc53be7eee32b66d76bb9a8dcb03cccb87d0a51eace0f86623e76dd48
• Instruction Fuzzy Hash: 10316D71D1162ADFDB11DFA8D888AAEBB74BF58310B014159E90AB7251DB30AD05CFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C0A8B
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 002C0AFA
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 002C0B10
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002C0B1A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wcsicmpfree
                                                                                                                                                                                                                                              • String ID: true
                                                                                                                                                                                                                                              • API String ID: 1156377413-4261170317
                                                                                                                                                                                                                                              • Opcode ID: 8088beaaa6768e65d96c635df57e8090f838ab91b09f33df6384c2cdbcd971b6
                                                                                                                                                                                                                                              • Instruction ID: 8001f437302cb9e33b91d299ecc45e4ea683f51ca8d0f279d9a5aea1f8e1db05
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8088beaaa6768e65d96c635df57e8090f838ab91b09f33df6384c2cdbcd971b6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE11BE32D1121ADFCF01DBA8D848FEE7BB4EF18714F018059E515A7251DB30AD1ACBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::tr1::_Xmem.LIBCPMT ref: 002C569D
                                                                                                                                                                                                                                                • Part of subcall function 002CCA2B: malloc.MSVCRT ref: 002CCA42
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID: `f-,$`f-,$`f-,$`f-,
                                                                                                                                                                                                                                              • API String ID: 257571584-2109989360
                                                                                                                                                                                                                                              • Opcode ID: 2eed2c4406c7d294464ca261f4af94231f5a40d232a5c5b8e446d7dc9136c5e0
                                                                                                                                                                                                                                              • Instruction ID: b6b0070bcdc34411b62a16d77e4be5e3e1d3af2e9b653ed8ec6fc94bbbce3f01
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2eed2c4406c7d294464ca261f4af94231f5a40d232a5c5b8e446d7dc9136c5e0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CED05E7132871F079B1C6DADA426F2EB6CC8B947217B4053EF41ECA580ED20ECA08419
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C0877
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 002C090E
                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 002C0949
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 002C097D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002C098A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharClearH_prolog3_MultiStringVariantWide$AllocFreefreememset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3350116639-0
                                                                                                                                                                                                                                              • Opcode ID: 714051a2c36fd5c99b66e366b2d7db8bae51671de80f26e0aa2ae7163c4073fa
                                                                                                                                                                                                                                              • Instruction ID: d8d6c9b7c121b27c56f158bce7c1567f6060f9a0007a9378847bfe34e3a3d4ee
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 714051a2c36fd5c99b66e366b2d7db8bae51671de80f26e0aa2ae7163c4073fa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50316B31910229DBDF24EB24CC99FDEB778EF45700F014199BA0AA7291DA706F95CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: rand
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 415692148-0
                                                                                                                                                                                                                                              • Opcode ID: f19ab6b648302eef8bd87cc8f4b56768e2277779b82bd0e45415bd241fa52c4f
                                                                                                                                                                                                                                              • Instruction ID: 8477464a37d340297da7921c2013ab2d86dd82eb37e1a18a4a5f86d1e91c60d8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f19ab6b648302eef8bd87cc8f4b56768e2277779b82bd0e45415bd241fa52c4f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5801FC73E12225BBE3409BA4DC8A329B792DB84210F0A4131F63CD7182C9389C2165D1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __aullrem$__aulldiv
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3670715282-0
                                                                                                                                                                                                                                              • Opcode ID: 754fef53222c85af97132c4c6f2970ad45c246b85e278bd0114cd496febdb416
                                                                                                                                                                                                                                              • Instruction ID: 5059875590e32c797ef25b09ffdb4021d4146e05e6cfca373bd9a8acb16f4c69
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 754fef53222c85af97132c4c6f2970ad45c246b85e278bd0114cd496febdb416
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D5148B1A183119FC714CF18C481E1ABBEAEFC9354F15465DF884A7252CA30EC658B96
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C0797
                                                                                                                                                                                                                                                • Part of subcall function 002BF10B: SysFreeString.OLEAUT32 ref: 002BF143
                                                                                                                                                                                                                                              • _wtoi.MSVCRT ref: 002C081D
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 002C082C
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 002C083D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeString$H_prolog3__wtoi
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2138719750-0
                                                                                                                                                                                                                                              • Opcode ID: 7502e98f3010277f36cbd3e23e2ce1b491049ded7de818bc7bedaac203c15265
                                                                                                                                                                                                                                              • Instruction ID: ce91a36237cc7d03e9accea326553c9a3dd4950d1477943fd8274e99a23635b6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7502e98f3010277f36cbd3e23e2ce1b491049ded7de818bc7bedaac203c15265
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54218D31A1020ADFCF00DF64DC98BAD7BB5EF98314F108158E516A72A1CB31AD16DFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C09B1
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • _wtoi64.MSVCRT ref: 002C0A1B
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 002C0A2D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002C0A37
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoi64free
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 109575796-0
                                                                                                                                                                                                                                              • Opcode ID: d59391885a8ea0cf812f0abf265d96395ffef2b5162c34d49d8d335471801a92
                                                                                                                                                                                                                                              • Instruction ID: 5e4d1e0410c270005763e4bc427d1d9c9b4fb7c6698793c7cf5f6f38d1b2cb59
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d59391885a8ea0cf812f0abf265d96395ffef2b5162c34d49d8d335471801a92
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D117C32D1121ADFCF01DBA8D858BEDBBB4EF58314F018059E619A7261DB31AD16CFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002C06F0
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • _wtoi.MSVCRT ref: 002C075A
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 002C0769
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002C0773
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1474463088-0
                                                                                                                                                                                                                                              • Opcode ID: 5b0b9c8fadb0e93f357720fa8a77eadb64a70aca27c2c4ca04b7f2f00bb33b8f
                                                                                                                                                                                                                                              • Instruction ID: 13c99cb495b725e3d21a39d25374b8c4587bd038d66b214cf264e4fe05ad7c63
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b0b9c8fadb0e93f357720fa8a77eadb64a70aca27c2c4ca04b7f2f00bb33b8f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71116031D2121ADFCF05EBA4D848FEDBBB5AF18315F018059E915A7261DB31AD15CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 002BF088
                                                                                                                                                                                                                                              • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 002BF096
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,?,?,000000FF,00000000,00000000), ref: 002BF0AC
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 002BF0B8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 447844807-0
                                                                                                                                                                                                                                              • Opcode ID: c4f6faf0ebae403cf9d02eba8099fd3aa1496447dcdae995b1b504af969c0273
                                                                                                                                                                                                                                              • Instruction ID: cf7d99687a5480d87fe5a99e407ce98affbb70134de3ccc30157c34d41fed6c7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4f6faf0ebae403cf9d02eba8099fd3aa1496447dcdae995b1b504af969c0273
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F04231515121FBD3305B8A9C4CDEBBF6CDB923B1B100326F41CD3190D9605D08C1B0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ??3@Xmemstd::tr1::_
                                                                                                                                                                                                                                              • String ID: 8
                                                                                                                                                                                                                                              • API String ID: 2676974237-4194326291
                                                                                                                                                                                                                                              • Opcode ID: c0156a843f539794e1e1e93a162c138f80b8f9819362520504281dbbc2868856
                                                                                                                                                                                                                                              • Instruction ID: f3c6f2ded414f142c1f665fd37284604df8150e666862ca4b26179206b6f992b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0156a843f539794e1e1e93a162c138f80b8f9819362520504281dbbc2868856
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E31D7B6B112169BCF04DFA9C9954DDFBA9FF98350B25412EE906D3301D670ED20CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 002BFC00
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: __EH_prolog3_GS.LIBCMT ref: 002BF165
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: VariantClear.OLEAUT32 ref: 002BF17A
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF215
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: SysAllocString.OLEAUT32(00000000), ref: 002BF228
                                                                                                                                                                                                                                                • Part of subcall function 002BF15E: free.MSVCRT(00000000,?,00000014,002C0AA9,?,00000020,002BF785,?,//Profile/ETW/Process,?), ref: 002BF257
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002BFD1C
                                                                                                                                                                                                                                                • Part of subcall function 002BFFFD: __EH_prolog3_GS.LIBCMT ref: 002C0004
                                                                                                                                                                                                                                                • Part of subcall function 002BCA85: __EH_prolog3_GS.LIBCMT ref: 002BCA8F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3_$ClearVariant$AllocByteCharMultiStringWidefree
                                                                                                                                                                                                                                              • String ID: Targets/Target
                                                                                                                                                                                                                                              • API String ID: 2883521150-4232948680
                                                                                                                                                                                                                                              • Opcode ID: 7369d94560df8d5933b609a256ad7946db39c3b0f9740b9ab5e468ad13a230e5
                                                                                                                                                                                                                                              • Instruction ID: 52c5d920bed963519a9afa7ca242893813347ccd22cc39b347bd05a628b41d8a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7369d94560df8d5933b609a256ad7946db39c3b0f9740b9ab5e468ad13a230e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1313731911229DFEB21EB64CC54BEDB774AF54340F0181EAE90DA3291DB30AE99CF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 002CC7F2
                                                                                                                                                                                                                                              • _CxxThrowException.MSVCRT(?,002D0758), ref: 002CC845
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • IoBucketizer has not been initialized, xrefs: 002CC82F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionThrow__aulldiv
                                                                                                                                                                                                                                              • String ID: IoBucketizer has not been initialized
                                                                                                                                                                                                                                              • API String ID: 1607158013-2369748627
                                                                                                                                                                                                                                              • Opcode ID: 9e8c13534b3bdb787eeb0cf7515840447319c3332d1b314ffea4117d12017f13
                                                                                                                                                                                                                                              • Instruction ID: 7f61bf0abd54ce3cef13faa778093c99b7d820bc0ef0d33c6d4fdafd8b89c6ea
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e8c13534b3bdb787eeb0cf7515840447319c3332d1b314ffea4117d12017f13
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50015E32920114ABCB11EE54C885E9AF7A9FB48361B1583A5ED1DAF116D731FC21CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 002C3212
                                                                                                                                                                                                                                                • Part of subcall function 002C31AA: TerminateThread.KERNEL32(?,00000000), ref: 002C31C9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Error signaling start event, xrefs: 002C321C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1754132750.00000000002B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754117435.00000000002B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754153088.00000000002D1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1754165663.00000000002D2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_2b0000_diskspd.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EventTerminateThread
                                                                                                                                                                                                                                              • String ID: Error signaling start event
                                                                                                                                                                                                                                              • API String ID: 2007589259-38563648
                                                                                                                                                                                                                                              • Opcode ID: 68b83884eddf632c252582801b2453cce33d0c78e4fadd7282d74046c7dbb6b3
                                                                                                                                                                                                                                              • Instruction ID: f8b11d0d52706405531a5366ccc106c8fc490934e4f11c5e8f545cf2379270be
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68b83884eddf632c252582801b2453cce33d0c78e4fadd7282d74046c7dbb6b3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56E0D830425345EEDB00AF11FC0DF943755AB50711F50C60EF809050A1C7B4DDB4C962
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:13.8%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                              Total number of Nodes:1262
                                                                                                                                                                                                                                              Total number of Limit Nodes:19
3458->3460 3459->3458 3461 404918 3460->3461 3465 405bc3 18 API calls 3460->3465 3463 403e5d 19 API calls 3461->3463 3462 404b37 3464 404be6 3462->3464 3468 404a40 3462->3468 3474 404b90 SendMessageA 3462->3474 3467 40492c 3463->3467 3469 404bfb 3464->3469 3470 404bef SendMessageA 3464->3470 3471 4048fa SendMessageA SendMessageA 3465->3471 3466->3462 3490 404ac1 3466->3490 3509 40475c SendMessageA 3466->3509 3473 403e5d 19 API calls 3467->3473 3475 403ec4 8 API calls 3468->3475 3477 404c14 3469->3477 3478 404c0d ImageList_Destroy 3469->3478 3486 404c24 3469->3486 3470->3469 3471->3460 3491 40493a 3473->3491 3474->3468 3480 404ba5 SendMessageA 3474->3480 3481 404dd6 3475->3481 3476 404b29 SendMessageA 3476->3462 3482 404c1d GlobalFree 3477->3482 3477->3486 3478->3477 3479 404d8a 3479->3468 3487 404d9c ShowWindow GetDlgItem ShowWindow 3479->3487 3484 404bb8 3480->3484 3482->3486 3483 404a0e GetWindowLongA SetWindowLongA 3485 404a27 3483->3485 3497 404bc9 SendMessageA 3484->3497 3488 404a45 3485->3488 3489 404a2d ShowWindow 3485->3489 3486->3479 3495 40140b 2 API calls 3486->3495 3501 404c56 3486->3501 3487->3468 3508 403e92 SendMessageA 3488->3508 3507 403e92 SendMessageA 3489->3507 3490->3462 3490->3476 3491->3483 3494 404989 SendMessageA 3491->3494 3498 404a08 3491->3498 3499 4049c5 SendMessageA 3491->3499 3500 4049d6 SendMessageA 3491->3500 3494->3491 3495->3501 3496 404c9a 3502 404d60 InvalidateRect 3496->3502 3506 404d0e SendMessageA SendMessageA 3496->3506 3497->3464 3498->3483 3498->3485 3499->3491 3500->3491 3501->3496 3504 404c84 SendMessageA 3501->3504 3502->3479 3503 404d76 3502->3503 3514 404717 3503->3514 3504->3496 3506->3496 3507->3468 3508->3466 3510 4047bb SendMessageA 3509->3510 3511 40477f GetMessagePos ScreenToClient SendMessageA 3509->3511 3512 4047b3 3510->3512 3511->3512 3513 4047b8 3511->3513 3512->3490 3513->3510 3517 404652 3514->3517 3516 40472c 3516->3479 3518 404668 3517->3518 3519 405bc3 18 API calls 3518->3519 3520 4046cc 3519->3520 
3521 405bc3 18 API calls 3520->3521 3522 4046d7 3521->3522 3523 405bc3 18 API calls 3522->3523 3524 4046ed lstrlenA wsprintfA SetDlgItemTextA 3523->3524 3524->3516 3525 404ddd 3526 404e02 3525->3526 3527 404deb 3525->3527 3529 404e10 IsWindowVisible 3526->3529 3535 404e27 3526->3535 3528 404df1 3527->3528 3543 404e6b 3527->3543 3530 403ea9 SendMessageA 3528->3530 3532 404e1d 3529->3532 3529->3543 3533 404dfb 3530->3533 3531 404e71 CallWindowProcA 3531->3533 3534 40475c 5 API calls 3532->3534 3534->3535 3535->3531 3544 405ba1 lstrcpynA 3535->3544 3537 404e56 3545 405aff wsprintfA 3537->3545 3539 404e5d 3540 40140b 2 API calls 3539->3540 3541 404e64 3540->3541 3546 405ba1 lstrcpynA 3541->3546 3543->3531 3544->3537 3545->3539 3546->3543 3547 4025e2 3548 4025e9 3547->3548 3551 40284e 3547->3551 3549 4029ef 18 API calls 3548->3549 3550 4025f4 3549->3550 3552 4025fb SetFilePointer 3550->3552 3552->3551 3553 40260b 3552->3553 3555 405aff wsprintfA 3553->3555 3555->3551 3556 401ae5 3557 402a0c 18 API calls 3556->3557 3558 401aec 3557->3558 3559 4029ef 18 API calls 3558->3559 3560 401af5 wsprintfA 3559->3560 3561 4028a1 3560->3561 3562 4019e6 3563 402a0c 18 API calls 3562->3563 3564 4019ef ExpandEnvironmentStringsA 3563->3564 3565 401a03 3564->3565 3567 401a16 3564->3567 3566 401a08 lstrcmpA 3565->3566 3565->3567 3566->3567 3568 401f67 3569 401f79 3568->3569 3570 402028 3568->3570 3571 402a0c 18 API calls 3569->3571 3572 401423 25 API calls 3570->3572 3573 401f80 3571->3573 3579 40217f 3572->3579 3574 402a0c 18 API calls 3573->3574 3575 401f89 3574->3575 3576 401f91 GetModuleHandleA 3575->3576 3577 401f9e LoadLibraryExA 3575->3577 3576->3577 3578 401fae GetProcAddress 3576->3578 3577->3570 3577->3578 3580 401ffb 3578->3580 3581 401fbe 3578->3581 3582 404e8d 25 API calls 3580->3582 3583 401423 25 API calls 3581->3583 3584 401fce 3581->3584 3582->3584 3583->3584 3584->3579 3585 40201c FreeLibrary 3584->3585 3585->3579 3586 4045ec 3587 404618 3586->3587 3588 4045fc 3586->3588 
3590 40464b 3587->3590 3591 40461e SHGetPathFromIDListA 3587->3591 3597 405446 GetDlgItemTextA 3588->3597 3593 404635 SendMessageA 3591->3593 3594 40462e 3591->3594 3592 404609 SendMessageA 3592->3587 3593->3590 3595 40140b 2 API calls 3594->3595 3595->3593 3597->3592 3598 401c6d 3599 4029ef 18 API calls 3598->3599 3600 401c73 IsWindow 3599->3600 3601 4019d6 3600->3601 3602 4014f0 SetForegroundWindow 3603 4028a1 3602->3603 3604 403f71 lstrcpynA lstrlenA 3605 4016fa 3606 402a0c 18 API calls 3605->3606 3607 401701 SearchPathA 3606->3607 3608 4027cc 3607->3608 3609 40171c 3607->3609 3609->3608 3611 405ba1 lstrcpynA 3609->3611 3611->3608 3612 40287c SendMessageA 3613 4028a1 3612->3613 3614 402896 InvalidateRect 3612->3614 3614->3613 3615 40227d 3616 402a0c 18 API calls 3615->3616 3617 40228b 3616->3617 3618 402a0c 18 API calls 3617->3618 3619 402294 3618->3619 3620 402a0c 18 API calls 3619->3620 3621 40229e GetPrivateProfileStringA 3620->3621 3622 4014fe 3623 401506 3622->3623 3625 401519 3622->3625 3624 4029ef 18 API calls 3623->3624 3624->3625 3626 401000 3627 401037 BeginPaint GetClientRect 3626->3627 3628 40100c DefWindowProcA 3626->3628 3630 4010f3 3627->3630 3631 401179 3628->3631 3632 401073 CreateBrushIndirect FillRect DeleteObject 3630->3632 3633 4010fc 3630->3633 3632->3630 3634 401102 CreateFontIndirectA 3633->3634 3635 401167 EndPaint 3633->3635 3634->3635 3636 401112 6 API calls 3634->3636 3635->3631 3636->3635 3637 401b06 3638 401b57 3637->3638 3640 401b13 3637->3640 3641 401b80 GlobalAlloc 3638->3641 3642 401b5b 3638->3642 3639 402211 3645 405bc3 18 API calls 3639->3645 3640->3639 3648 401b2a 3640->3648 3644 405bc3 18 API calls 3641->3644 3643 401b9b 3642->3643 3658 405ba1 lstrcpynA 3642->3658 3644->3643 3647 40221e 3645->3647 3651 405462 MessageBoxIndirectA 3647->3651 3656 405ba1 lstrcpynA 3648->3656 3649 401b6d GlobalFree 3649->3643 3651->3643 3652 401b39 3657 405ba1 lstrcpynA 3652->3657 3654 401b48 3659 405ba1 lstrcpynA 3654->3659 3656->3652 
3657->3654 3658->3649 3659->3643 3660 402188 3661 402a0c 18 API calls 3660->3661 3662 40218e 3661->3662 3663 402a0c 18 API calls 3662->3663 3664 402197 3663->3664 3665 402a0c 18 API calls 3664->3665 3666 4021a0 3665->3666 3667 405e9c 2 API calls 3666->3667 3668 4021a9 3667->3668 3669 4021ba lstrlenA lstrlenA 3668->3669 3673 4021ad 3668->3673 3670 404e8d 25 API calls 3669->3670 3672 4021f6 SHFileOperationA 3670->3672 3671 404e8d 25 API calls 3674 4021b5 3671->3674 3672->3673 3672->3674 3673->3671 3673->3674 2885 401389 2887 401390 2885->2887 2886 4013fe 2887->2886 2888 4013cb MulDiv SendMessageA 2887->2888 2888->2887 3675 40220a 3676 402211 3675->3676 3679 402224 3675->3679 3677 405bc3 18 API calls 3676->3677 3678 40221e 3677->3678 3680 405462 MessageBoxIndirectA 3678->3680 3680->3679 3681 40398a 3682 4039a2 3681->3682 3683 403add 3681->3683 3682->3683 3684 4039ae 3682->3684 3685 403b2e 3683->3685 3686 403aee GetDlgItem GetDlgItem 3683->3686 3687 4039b9 SetWindowPos 3684->3687 3688 4039cc 3684->3688 3690 403b88 3685->3690 3698 401389 2 API calls 3685->3698 3689 403e5d 19 API calls 3686->3689 3687->3688 3692 4039d1 ShowWindow 3688->3692 3693 4039e9 3688->3693 3694 403b18 SetClassLongA 3689->3694 3691 403ea9 SendMessageA 3690->3691 3740 403ad8 3690->3740 3738 403b9a 3691->3738 3692->3693 3695 4039f1 DestroyWindow 3693->3695 3696 403a0b 3693->3696 3697 40140b 2 API calls 3694->3697 3748 403de6 3695->3748 3700 403a10 SetWindowLongA 3696->3700 3701 403a21 3696->3701 3697->3685 3699 403b60 3698->3699 3699->3690 3702 403b64 SendMessageA 3699->3702 3700->3740 3705 403a2d GetDlgItem 3701->3705 3717 403a98 3701->3717 3702->3740 3703 40140b 2 API calls 3703->3738 3704 403de8 DestroyWindow EndDialog 3704->3748 3708 403a40 SendMessageA IsWindowEnabled 3705->3708 3709 403a5d 3705->3709 3706 403ec4 8 API calls 3706->3740 3707 403e17 ShowWindow 3707->3740 3708->3709 3708->3740 3711 403a6a 3709->3711 3712 403ab1 SendMessageA 3709->3712 3713 403a7d 3709->3713 3721 403a62 3709->3721 
3710 405bc3 18 API calls 3710->3738 3711->3712 3711->3721 3712->3717 3715 403a85 3713->3715 3716 403a9a 3713->3716 3714 403e36 SendMessageA 3714->3717 3718 40140b 2 API calls 3715->3718 3719 40140b 2 API calls 3716->3719 3717->3706 3718->3721 3719->3721 3720 403e5d 19 API calls 3720->3738 3721->3714 3721->3717 3722 403e5d 19 API calls 3723 403c15 GetDlgItem 3722->3723 3724 403c32 ShowWindow EnableWindow 3723->3724 3725 403c2a 3723->3725 3749 403e7f EnableWindow 3724->3749 3725->3724 3727 403c5c EnableWindow 3730 403c70 3727->3730 3728 403c75 GetSystemMenu EnableMenuItem SendMessageA 3729 403ca5 SendMessageA 3728->3729 3728->3730 3729->3730 3730->3728 3750 403e92 SendMessageA 3730->3750 3751 405ba1 lstrcpynA 3730->3751 3733 403cd3 lstrlenA 3734 405bc3 18 API calls 3733->3734 3735 403ce4 SetWindowTextA 3734->3735 3736 401389 2 API calls 3735->3736 3736->3738 3737 403d28 DestroyWindow 3739 403d42 CreateDialogParamA 3737->3739 3737->3748 3738->3703 3738->3704 3738->3710 3738->3720 3738->3722 3738->3737 3738->3740 3741 403d75 3739->3741 3739->3748 3742 403e5d 19 API calls 3741->3742 3743 403d80 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3742->3743 3744 401389 2 API calls 3743->3744 3745 403dc6 3744->3745 3745->3740 3746 403dce ShowWindow 3745->3746 3747 403ea9 SendMessageA 3746->3747 3747->3748 3748->3707 3748->3740 3749->3727 3750->3730 3751->3733 3752 401c8a 3753 4029ef 18 API calls 3752->3753 3754 401c91 3753->3754 3755 4029ef 18 API calls 3754->3755 3756 401c99 GetDlgItem 3755->3756 3757 4024ce 3756->3757 3003 40310d SetErrorMode GetVersion 3004 403143 3003->3004 3005 403149 3003->3005 3006 405f2d 5 API calls 3004->3006 3007 405ec3 3 API calls 3005->3007 3006->3005 3008 40315e 3007->3008 3009 405ec3 3 API calls 3008->3009 3010 403168 3009->3010 3011 405ec3 3 API calls 3010->3011 3012 403172 3011->3012 3013 405f2d 5 API calls 3012->3013 3014 403179 3013->3014 3015 405f2d 5 API calls 3014->3015 3016 403180 #17 OleInitialize SHGetFileInfoA 3015->3016 3096 
405ba1 lstrcpynA 3016->3096 3018 4031bd GetCommandLineA 3097 405ba1 lstrcpynA 3018->3097 3020 4031cf GetModuleHandleA 3021 4031e6 3020->3021 3022 4056bf CharNextA 3021->3022 3023 4031fa CharNextA 3022->3023 3031 403207 3023->3031 3024 403270 3025 403283 GetTempPathA 3024->3025 3098 4030dc 3025->3098 3027 403299 3028 4032bd DeleteFileA 3027->3028 3029 40329d GetWindowsDirectoryA lstrcatA 3027->3029 3108 402c38 GetTickCount GetModuleFileNameA 3028->3108 3032 4030dc 12 API calls 3029->3032 3030 4056bf CharNextA 3030->3031 3031->3024 3031->3030 3035 403272 3031->3035 3034 4032b9 3032->3034 3034->3028 3037 40333b ExitProcess OleUninitialize 3034->3037 3193 405ba1 lstrcpynA 3035->3193 3036 4032ce 3036->3037 3043 4056bf CharNextA 3036->3043 3075 403327 3036->3075 3039 403350 3037->3039 3040 40345f 3037->3040 3044 405462 MessageBoxIndirectA 3039->3044 3041 403502 ExitProcess 3040->3041 3045 405f2d 5 API calls 3040->3045 3048 4032e5 3043->3048 3049 40335e ExitProcess 3044->3049 3050 403472 3045->3050 3052 403302 3048->3052 3053 403366 3048->3053 3051 405f2d 5 API calls 3050->3051 3054 40347b 3051->3054 3056 405775 18 API calls 3052->3056 3196 4053e9 3053->3196 3057 405f2d 5 API calls 3054->3057 3059 40330d 3056->3059 3060 403484 3057->3060 3059->3037 3194 405ba1 lstrcpynA 3059->3194 3069 403492 GetCurrentProcess 3060->3069 3078 4034a2 3060->3078 3061 403387 lstrcatA lstrcmpiA 3061->3037 3064 4033a3 3061->3064 3062 40337c lstrcatA 3062->3061 3063 405f2d 5 API calls 3079 4034d9 3063->3079 3066 4033a8 3064->3066 3067 4033af 3064->3067 3199 40534f CreateDirectoryA 3066->3199 3204 4053cc CreateDirectoryA 3067->3204 3068 40331c 3195 405ba1 lstrcpynA 3068->3195 3069->3078 3070 4034ee ExitWindowsEx 3070->3041 3076 4034fb 3070->3076 3136 4035f4 3075->3136 3212 40140b 3076->3212 3077 4033b4 SetCurrentDirectoryA 3081 4033c3 3077->3081 3082 4033ce 3077->3082 3078->3063 3079->3070 3079->3076 3207 405ba1 lstrcpynA 3081->3207 3208 405ba1 lstrcpynA 3082->3208 3085 405bc3 18 API calls 3086 
4033fe DeleteFileA 3085->3086 3087 40340b CopyFileA 3086->3087 3093 4033dc 3086->3093 3087->3093 3088 403453 3090 4058ef 40 API calls 3088->3090 3089 4058ef 40 API calls 3089->3093 3091 40345a 3090->3091 3091->3037 3092 405bc3 18 API calls 3092->3093 3093->3085 3093->3088 3093->3089 3093->3092 3095 40343f CloseHandle 3093->3095 3209 405401 CreateProcessA 3093->3209 3095->3093 3096->3018 3097->3020 3099 405e03 5 API calls 3098->3099 3100 4030e8 3099->3100 3101 4030f2 3100->3101 3102 405694 3 API calls 3100->3102 3101->3027 3103 4030fa 3102->3103 3104 4053cc 2 API calls 3103->3104 3105 403100 3104->3105 3215 4058a7 3105->3215 3219 405878 GetFileAttributesA CreateFileA 3108->3219 3110 402c78 3135 402c88 3110->3135 3220 405ba1 lstrcpynA 3110->3220 3112 402c9e 3113 4056db 2 API calls 3112->3113 3114 402ca4 3113->3114 3221 405ba1 lstrcpynA 3114->3221 3116 402caf GetFileSize 3117 402dab 3116->3117 3129 402cc6 3116->3129 3222 402bd4 3117->3222 3119 402db4 3121 402de4 GlobalAlloc 3119->3121 3119->3135 3233 4030c5 SetFilePointer 3119->3233 3120 403093 ReadFile 3120->3129 3234 4030c5 SetFilePointer 3121->3234 3123 402e17 3127 402bd4 6 API calls 3123->3127 3125 402dcd 3128 403093 ReadFile 3125->3128 3126 402dff 3130 402e71 33 API calls 3126->3130 3127->3135 3131 402dd8 3128->3131 3129->3117 3129->3120 3129->3123 3132 402bd4 6 API calls 3129->3132 3129->3135 3133 402e0b 3130->3133 3131->3121 3131->3135 3132->3129 3133->3133 3134 402e48 SetFilePointer 3133->3134 3133->3135 3134->3135 3135->3036 3137 405f2d 5 API calls 3136->3137 3138 403608 3137->3138 3139 403620 3138->3139 3140 40360e 3138->3140 3141 405a88 3 API calls 3139->3141 3248 405aff wsprintfA 3140->3248 3142 403641 3141->3142 3143 40365f lstrcatA 3142->3143 3145 405a88 3 API calls 3142->3145 3146 40361e 3143->3146 3145->3143 3239 4038bd 3146->3239 3149 405775 18 API calls 3150 403691 3149->3150 3151 40371a 3150->3151 3153 405a88 3 API calls 3150->3153 3152 405775 18 API calls 3151->3152 3154 403720 3152->3154 3156 
4036bd 3153->3156 3155 403730 LoadImageA 3154->3155 3157 405bc3 18 API calls 3154->3157 3158 4037e4 3155->3158 3159 40375b RegisterClassA 3155->3159 3156->3151 3160 4036d9 lstrlenA 3156->3160 3163 4056bf CharNextA 3156->3163 3157->3155 3162 40140b 2 API calls 3158->3162 3161 403797 SystemParametersInfoA CreateWindowExA 3159->3161 3191 403337 3159->3191 3164 4036e7 lstrcmpiA 3160->3164 3165 40370d 3160->3165 3161->3158 3166 4037ea 3162->3166 3167 4036d7 3163->3167 3164->3165 3168 4036f7 GetFileAttributesA 3164->3168 3169 405694 3 API calls 3165->3169 3171 4038bd 19 API calls 3166->3171 3166->3191 3167->3160 3170 403703 3168->3170 3172 403713 3169->3172 3170->3165 3173 4056db 2 API calls 3170->3173 3174 4037fb 3171->3174 3249 405ba1 lstrcpynA 3172->3249 3173->3165 3176 403807 ShowWindow 3174->3176 3177 40388a 3174->3177 3179 405ec3 3 API calls 3176->3179 3250 404f5f OleInitialize 3177->3250 3181 40381f 3179->3181 3180 403890 3182 403894 3180->3182 3183 4038ac 3180->3183 3184 40382d GetClassInfoA 3181->3184 3186 405ec3 3 API calls 3181->3186 3190 40140b 2 API calls 3182->3190 3182->3191 3185 40140b 2 API calls 3183->3185 3187 403841 GetClassInfoA RegisterClassA 3184->3187 3188 403857 DialogBoxParamA 3184->3188 3185->3191 3186->3184 3187->3188 3189 40140b 2 API calls 3188->3189 3192 40387f 3189->3192 3190->3191 3191->3037 3192->3191 3193->3025 3194->3068 3195->3075 3197 405f2d 5 API calls 3196->3197 3198 40336b lstrcatA 3197->3198 3198->3061 3198->3062 3200 4053a0 GetLastError 3199->3200 3201 4033ad 3199->3201 3200->3201 3202 4053af SetFileSecurityA 3200->3202 3201->3077 3202->3201 3203 4053c5 GetLastError 3202->3203 3203->3201 3205 4053e0 GetLastError 3204->3205 3206 4053dc 3204->3206 3205->3206 3206->3077 3207->3082 3208->3093 3210 405430 CloseHandle 3209->3210 3211 40543c 3209->3211 3210->3211 3211->3093 3213 401389 2 API calls 3212->3213 3214 401420 3213->3214 3214->3041 3216 4058b2 GetTickCount GetTempFileNameA 3215->3216 3217 4058de 3216->3217 3218 40310b 
3216->3218 3217->3216 3217->3218 3218->3027 3219->3110 3220->3112 3221->3116 3223 402bf5 3222->3223 3224 402bdd 3222->3224 3225 402c05 GetTickCount 3223->3225 3226 402bfd 3223->3226 3227 402be6 DestroyWindow 3224->3227 3228 402bed 3224->3228 3230 402c13 CreateDialogParamA ShowWindow 3225->3230 3231 402c36 3225->3231 3235 405f69 3226->3235 3227->3228 3228->3119 3230->3231 3231->3119 3233->3125 3234->3126 3236 405f86 PeekMessageA 3235->3236 3237 402c03 3236->3237 3238 405f7c DispatchMessageA 3236->3238 3237->3119 3238->3236 3240 4038d1 3239->3240 3257 405aff wsprintfA 3240->3257 3242 403942 3243 405bc3 18 API calls 3242->3243 3244 40394e SetWindowTextA 3243->3244 3245 40366f 3244->3245 3246 40396a 3244->3246 3245->3149 3246->3245 3247 405bc3 18 API calls 3246->3247 3247->3246 3248->3146 3249->3151 3258 403ea9 3250->3258 3252 403ea9 SendMessageA 3254 404fbb OleUninitialize 3252->3254 3253 404f82 3256 404fa9 3253->3256 3261 401389 3253->3261 3254->3180 3256->3252 3257->3242 3259 403ec1 3258->3259 3260 403eb2 SendMessageA 3258->3260 3259->3253 3260->3259 3263 401390 3261->3263 3262 4013fe 3262->3253 3263->3262 3264 4013cb MulDiv SendMessageA 3263->3264 3264->3263 3764 401490 3765 404e8d 25 API calls 3764->3765 3766 401497 3765->3766 3767 402611 3768 4028a1 3767->3768 3769 402618 3767->3769 3770 40261e FindClose 3769->3770 3770->3768 3771 402692 3772 402a0c 18 API calls 3771->3772 3774 4026a0 3772->3774 3773 4026b6 3776 405859 2 API calls 3773->3776 3774->3773 3775 402a0c 18 API calls 3774->3775 3775->3773 3777 4026bc 3776->3777 3797 405878 GetFileAttributesA CreateFileA 3777->3797 3779 4026c9 3780 402772 3779->3780 3781 4026d5 GlobalAlloc 3779->3781 3782 40277a DeleteFileA 3780->3782 3783 40278d 3780->3783 3784 402769 CloseHandle 3781->3784 3785 4026ee 3781->3785 3782->3783 3784->3780 3798 4030c5 SetFilePointer 3785->3798 3787 4026f4 3788 403093 ReadFile 3787->3788 3789 4026fd GlobalAlloc 3788->3789 3790 402741 WriteFile GlobalFree 3789->3790 3791 40270d 3789->3791 3793 
402e71 33 API calls 3790->3793 3792 402e71 33 API calls 3791->3792 3796 40271a 3792->3796 3794 402766 3793->3794 3794->3784 3795 402738 GlobalFree 3795->3790 3796->3795 3797->3779 3798->3787 3799 402793 3800 4029ef 18 API calls 3799->3800 3801 402799 3800->3801 3802 4027d4 3801->3802 3803 4027bd 3801->3803 3809 402672 3801->3809 3804 4027ea 3802->3804 3805 4027de 3802->3805 3806 4027c2 3803->3806 3812 4027d1 3803->3812 3808 405bc3 18 API calls 3804->3808 3807 4029ef 18 API calls 3805->3807 3813 405ba1 lstrcpynA 3806->3813 3807->3812 3808->3812 3812->3809 3814 405aff wsprintfA 3812->3814 3813->3809 3814->3809 3815 401595 3816 402a0c 18 API calls 3815->3816 3817 40159c SetFileAttributesA 3816->3817 3818 4015ae 3817->3818 3819 401e95 3820 402a0c 18 API calls 3819->3820 3821 401e9c 3820->3821 3822 405e9c 2 API calls 3821->3822 3823 401ea2 3822->3823 3825 401eb4 3823->3825 3826 405aff wsprintfA 3823->3826 3826->3825 3827 401696 3828 402a0c 18 API calls 3827->3828 3829 40169c GetFullPathNameA 3828->3829 3830 4016d4 3829->3830 3831 4016b3 3829->3831 3832 4028a1 3830->3832 3833 4016e8 GetShortPathNameA 3830->3833 3831->3830 3834 405e9c 2 API calls 3831->3834 3833->3832 3835 4016c4 3834->3835 3835->3830 3837 405ba1 lstrcpynA 3835->3837 3837->3830 3838 402319 3839 40231f 3838->3839 3840 402a0c 18 API calls 3839->3840 3841 402331 3840->3841 3842 402a0c 18 API calls 3841->3842 3843 40233b RegCreateKeyExA 3842->3843 3844 4028a1 3843->3844 3845 402365 3843->3845 3846 40237d 3845->3846 3847 402a0c 18 API calls 3845->3847 3848 402389 3846->3848 3850 4029ef 18 API calls 3846->3850 3849 402376 lstrlenA 3847->3849 3851 4023a4 RegSetValueExA 3848->3851 3852 402e71 33 API calls 3848->3852 3849->3846 3850->3848 3853 4023ba RegCloseKey 3851->3853 3852->3851 3853->3844 3855 402819 3856 4029ef 18 API calls 3855->3856 3857 40281f 3856->3857 3858 402850 3857->3858 3860 40282d 3857->3860 3861 402672 3857->3861 3859 405bc3 18 API calls 3858->3859 3858->3861 3859->3861 3860->3861 3863 405aff 
wsprintfA 3860->3863 3863->3861 2889 40351a 2890 403532 2889->2890 2891 403524 CloseHandle 2889->2891 2896 40355f 2890->2896 2891->2890 2897 40356d 2896->2897 2898 403537 2897->2898 2899 403572 FreeLibrary GlobalFree 2897->2899 2900 4054c6 2898->2900 2899->2898 2899->2899 2938 405775 2900->2938 2903 4054e3 DeleteFileA 2933 403543 2903->2933 2904 4054fa 2905 40562f 2904->2905 2953 405ba1 lstrcpynA 2904->2953 2910 405e9c 2 API calls 2905->2910 2905->2933 2907 405524 2908 405535 2907->2908 2909 405528 lstrcatA 2907->2909 2954 4056db lstrlenA 2908->2954 2911 40553b 2909->2911 2914 405654 2910->2914 2913 405549 lstrcatA 2911->2913 2915 405554 lstrlenA FindFirstFileA 2911->2915 2913->2915 2916 405694 3 API calls 2914->2916 2914->2933 2915->2905 2919 405578 2915->2919 2918 40565e 2916->2918 2917 4056bf CharNextA 2917->2919 2920 405859 2 API calls 2918->2920 2919->2917 2925 40560e FindNextFileA 2919->2925 2931 405859 2 API calls 2919->2931 2932 4054c6 61 API calls 2919->2932 2935 404e8d 25 API calls 2919->2935 2936 404e8d 25 API calls 2919->2936 2958 405ba1 lstrcpynA 2919->2958 2959 4058ef 2919->2959 2921 405664 RemoveDirectoryA 2920->2921 2922 405686 2921->2922 2923 40566f 2921->2923 2924 404e8d 25 API calls 2922->2924 2928 404e8d 25 API calls 2923->2928 2923->2933 2924->2933 2925->2919 2927 405626 FindClose 2925->2927 2927->2905 2929 40567d 2928->2929 2930 4058ef 40 API calls 2929->2930 2930->2933 2934 4055db DeleteFileA 2931->2934 2932->2919 2934->2919 2935->2925 2936->2919 2985 405ba1 lstrcpynA 2938->2985 2940 405786 2941 405728 4 API calls 2940->2941 2942 40578c 2941->2942 2943 4054da 2942->2943 2944 405e03 5 API calls 2942->2944 2943->2903 2943->2904 2945 40579c 2944->2945 2945->2943 2951 4057af 2945->2951 2946 4057c7 lstrlenA 2947 4057d2 2946->2947 2946->2951 2948 405694 3 API calls 2947->2948 2950 4057d7 GetFileAttributesA 2948->2950 2949 405e9c 2 API calls 2949->2951 2950->2943 2951->2943 2951->2946 2951->2949 2952 4056db 2 API calls 2951->2952 2952->2946 
2953->2907 2955 4056e8 2954->2955 2956 4056f9 2955->2956 2957 4056ed CharPrevA 2955->2957 2956->2911 2957->2955 2957->2956 2958->2919 2986 405f2d GetModuleHandleA 2959->2986 2962 405957 GetShortPathNameA 2963 405a4c 2962->2963 2964 40596c 2962->2964 2963->2919 2964->2963 2966 405974 wsprintfA 2964->2966 2968 405bc3 18 API calls 2966->2968 2967 40593b CloseHandle GetShortPathNameA 2967->2963 2969 40594f 2967->2969 2970 40599c 2968->2970 2969->2962 2969->2963 2993 405878 GetFileAttributesA CreateFileA 2970->2993 2972 4059a9 2972->2963 2973 4059b8 GetFileSize GlobalAlloc 2972->2973 2974 405a45 CloseHandle 2973->2974 2975 4059d6 ReadFile 2973->2975 2974->2963 2975->2974 2976 4059ea 2975->2976 2976->2974 2994 4057ed lstrlenA 2976->2994 2979 405a59 2981 4057ed 4 API calls 2979->2981 2980 4059ff 2999 405ba1 lstrcpynA 2980->2999 2983 405a0d 2981->2983 2984 405a20 SetFilePointer WriteFile GlobalFree 2983->2984 2984->2974 2985->2940 2987 405f53 GetProcAddress 2986->2987 2988 405f49 2986->2988 2990 4058fa 2987->2990 3000 405ec3 GetSystemDirectoryA 2988->3000 2990->2962 2990->2963 2992 405878 GetFileAttributesA CreateFileA 2990->2992 2991 405f4f 2991->2987 2991->2990 2992->2967 2993->2972 2995 405823 lstrlenA 2994->2995 2996 405801 lstrcmpiA 2995->2996 2998 40582d 2995->2998 2997 40581a CharNextA 2996->2997 2996->2998 2997->2995 2998->2979 2998->2980 2999->2983 3001 405ee5 wsprintfA LoadLibraryA 3000->3001 3001->2991 3864 401d1b GetDC GetDeviceCaps 3865 4029ef 18 API calls 3864->3865 3866 401d37 MulDiv 3865->3866 3867 4029ef 18 API calls 3866->3867 3868 401d4c 3867->3868 3869 405bc3 18 API calls 3868->3869 3870 401d85 CreateFontIndirectA 3869->3870 3871 4024ce 3870->3871 3872 401e1b 3873 402a0c 18 API calls 3872->3873 3874 401e21 3873->3874 3875 404e8d 25 API calls 3874->3875 3876 401e2b 3875->3876 3877 405401 2 API calls 3876->3877 3881 401e31 3877->3881 3878 401e87 CloseHandle 3880 402672 3878->3880 3879 401e50 WaitForSingleObject 3879->3881 3882 401e5e GetExitCodeProcess 
3879->3882 3881->3878 3881->3879 3881->3880 3883 405f69 2 API calls 3881->3883 3884 401e70 3882->3884 3885 401e79 3882->3885 3883->3879 3887 405aff wsprintfA 3884->3887 3885->3878 3887->3885 3888 40429b 3889 4042c7 3888->3889 3890 4042d8 3888->3890 3949 405446 GetDlgItemTextA 3889->3949 3892 4042e4 GetDlgItem 3890->3892 3893 404343 3890->3893 3895 4042f8 3892->3895 3900 405bc3 18 API calls 3893->3900 3909 404427 3893->3909 3947 4045d1 3893->3947 3894 4042d2 3896 405e03 5 API calls 3894->3896 3898 40430c SetWindowTextA 3895->3898 3899 405728 4 API calls 3895->3899 3896->3890 3902 403e5d 19 API calls 3898->3902 3908 404302 3899->3908 3904 4043b7 SHBrowseForFolderA 3900->3904 3901 404457 3905 405775 18 API calls 3901->3905 3906 404328 3902->3906 3903 403ec4 8 API calls 3907 4045e5 3903->3907 3904->3909 3910 4043cf CoTaskMemFree 3904->3910 3911 40445d 3905->3911 3912 403e5d 19 API calls 3906->3912 3908->3898 3913 405694 3 API calls 3908->3913 3909->3947 3951 405446 GetDlgItemTextA 3909->3951 3914 405694 3 API calls 3910->3914 3952 405ba1 lstrcpynA 3911->3952 3915 404336 3912->3915 3913->3898 3916 4043dc 3914->3916 3950 403e92 SendMessageA 3915->3950 3919 404413 SetDlgItemTextA 3916->3919 3924 405bc3 18 API calls 3916->3924 3919->3909 3920 40433c 3922 405f2d 5 API calls 3920->3922 3921 404474 3923 405f2d 5 API calls 3921->3923 3922->3893 3930 40447b 3923->3930 3925 4043fb lstrcmpiA 3924->3925 3925->3919 3928 40440c lstrcatA 3925->3928 3926 4044b7 3953 405ba1 lstrcpynA 3926->3953 3928->3919 3929 4044be 3931 405728 4 API calls 3929->3931 3930->3926 3934 4056db 2 API calls 3930->3934 3936 40450f 3930->3936 3932 4044c4 GetDiskFreeSpaceA 3931->3932 3935 4044e8 MulDiv 3932->3935 3932->3936 3934->3930 3935->3936 3937 404580 3936->3937 3939 404717 21 API calls 3936->3939 3938 4045a3 3937->3938 3940 40140b 2 API calls 3937->3940 3954 403e7f EnableWindow 3938->3954 3941 40456d 3939->3941 3940->3938 3943 404582 SetDlgItemTextA 3941->3943 3944 404572 3941->3944 3943->3937 3946 

Control-flow Graph (function at 0040310D; blocks marked Executed / Not Executed)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetErrorMode.KERNELBASE ref: 00403131
                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00403137
                                                                                                                                                                                                                                              • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00403185
                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040318C
                                                                                                                                                                                                                                              • SHGetFileInfoA.SHELL32(00429078,00000000,?,00000160,00000000), ref: 004031A8
                                                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(Fast! Resources Setup,NSIS Error), ref: 004031BD
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000), ref: 004031D0
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00409188), ref: 004031FB
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040328E
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032A3
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032AF
                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(1033), ref: 004032C2
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 0040333B
                                                                                                                                                                                                                                              • OleUninitialize.OLE32(00000000), ref: 00403340
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403360
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000,00000000), ref: 00403373
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000,00000000), ref: 00403382
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000,00000000), ref: 0040338D
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp), ref: 00403399
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033B5
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00428C78,00428C78,?,0042F000,?), ref: 004033FF
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\SetupResources.exe,00428C78,00000001), ref: 00403413
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00428C78,00428C78,?,00428C78,00000000), ref: 00403440
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403499
                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004034F1
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403514
Memory Dump Source
• Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                                                                                                                                                                                                                                              • String ID: $ /D=$ _?=$"$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Error launching installer$Fast! Resources Setup$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                              • API String ID: 2193684524-828174769
                                                                                                                                                                                                                                              • Opcode ID: 4dd452560eae24bc6de7938b16d62ef3ef61ce91039457760c5fd2ce1b0eb6ad
                                                                                                                                                                                                                                              • Instruction ID: 451575da7f46b68c591153a14feb1e54add6b468c03afba2ffefeba693a227d9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dd452560eae24bc6de7938b16d62ef3ef61ce91039457760c5fd2ce1b0eb6ad
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55A1E3705083416AE7216F629C4AF6B7EACEB4570AF04047FF541B61D2CB7C9A058A6F
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph (function at 004035F4; blocks marked Executed / Not Executed)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000), ref: 00403665
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042DBE0,?,?,?,0042DBE0,00000000,C:\Program Files (x86)\Fast!,1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036DA
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe), ref: 004036ED
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0042DBE0), ref: 004036F8
                                                                                                                                                                                                                                              • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403741
                                                                                                                                                                                                                                                • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
                                                                                                                                                                                                                                              • RegisterClassA.USER32 ref: 00403788
                                                                                                                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037A0
                                                                                                                                                                                                                                              • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037D9
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 0040380F
                                                                                                                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit20A,0042E3E0), ref: 0040383B
                                                                                                                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit,0042E3E0), ref: 00403848
                                                                                                                                                                                                                                              • RegisterClassA.USER32(0042E3E0), ref: 00403851
                                                                                                                                                                                                                                              • DialogBoxParamA.USER32(?,00000000,0040398A,00000000), ref: 00403870
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$B
                                                                                                                                                                                                                                              • API String ID: 1975747703-2230181494
                                                                                                                                                                                                                                              • Opcode ID: ac045105ea430784d240a2a91794aa78d6c2f3841bae4eef558abf86d16be117
                                                                                                                                                                                                                                              • Instruction ID: 069ef0fb9a42e1b4956c000ddcdb280bce5473b1ca4ea0d36e0de5988d82752f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac045105ea430784d240a2a91794aa78d6c2f3841bae4eef558abf86d16be117
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE61D8B16442007FD220AFA69C45F273A6CEB44749F44457FF940B32D1CA7DA9018A7E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: [graph not reproduced; legend: Executed / Not Executed]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C49
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000400), ref: 00402C65
                                                                                                                                                                                                                                                • Part of subcall function 00405878: GetFileAttributesA.KERNELBASE(00000003,00402C78,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                                • Part of subcall function 00405878: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 00402CB1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\SetupResources.exe, xrefs: 00402C38
                                                                                                                                                                                                                                              • Inst, xrefs: 00402D1D
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00402C93, 00402C98, 00402C9E
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C42
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\SetupResources.exe, xrefs: 00402C4F, 00402C5E, 00402C72, 00402C92
                                                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E10
                                                                                                                                                                                                                                              • Null, xrefs: 00402D2F
                                                                                                                                                                                                                                              • soft, xrefs: 00402D26
                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00402C88
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                              • API String ID: 4283519449-996192831
                                                                                                                                                                                                                                              • Opcode ID: 52dd5125f2beb4c5a01725ee1ecfb7cda6383a0ef784e60b7ebdc9a7c5e8d2b4
                                                                                                                                                                                                                                              • Instruction ID: d5d64c7dde767481ec9b836f5bb8cc7fe4476435a14377af370c0b56c56fa9d6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52dd5125f2beb4c5a01725ee1ecfb7cda6383a0ef784e60b7ebdc9a7c5e8d2b4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B51D971901214ABDB219FA6DE89B9E7BB8FB40354F10413BF900B62D1D7BC9D418B9D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: [graph not reproduced; legend: Executed / Not Executed]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersion.KERNEL32(00000000,00429898,00000000,00404EC5,00429898,00000000), ref: 00405C6B
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CE6
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CF9
                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,0041F727), ref: 00405D35
                                                                                                                                                                                                                                              • SHGetPathFromIDListA.SHELL32(0041F727,0042DBE0), ref: 00405D43
                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(0041F727), ref: 00405D4E
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(0042DBE0,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D70
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042DBE0,00000000,00429898,00000000,00404EC5,00429898,00000000), ref: 00405DC2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405D6A
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405CB5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                              • API String ID: 900638850-730719616
                                                                                                                                                                                                                                              • Opcode ID: 56c6644338f5748cd9e4adb5f2c50b348e185d39bfc66a16460e33acb065d9ec
                                                                                                                                                                                                                                              • Instruction ID: fa1e0b9f47c9474f0aa02006464afd466a30f7754b548aa089decd5b8df859b0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56c6644338f5748cd9e4adb5f2c50b348e185d39bfc66a16460e33acb065d9ec
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8512531A04A15ABEB205B698C88BBB3B64DF11314F54827BE511BA2D0D37C5942DF4E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 336 402e71-402e85 337 402e87 336->337 338 402e8e-402e97 336->338 337->338 339 402ea0-402ea5 338->339 340 402e99 338->340 341 402eb5-402ec2 call 403093 339->341 342 402ea7-402eb0 call 4030c5 339->342 340->339 346 402ec8-402ecc 341->346 347 40303e 341->347 342->341 349 402ed2-402f1b GetTickCount 346->349 350 403027-403029 346->350 348 403040-403041 347->348 353 40308c-403090 348->353 351 402f21-402f29 349->351 352 403089 349->352 354 40302b-40302e 350->354 355 40307e-403082 350->355 356 402f2b 351->356 357 402f2e-402f3c call 403093 351->357 352->353 360 403030 354->360 361 403033-40303c call 403093 354->361 358 403043-403049 355->358 359 403084 355->359 356->357 357->347 370 402f42-402f4b 357->370 363 40304b 358->363 364 40304e-40305c call 403093 358->364 359->352 360->361 361->347 369 403086 361->369 363->364 364->347 373 40305e-403071 WriteFile 364->373 369->352 372 402f51-402f71 call 40600a 370->372 379 402f77-402f8a GetTickCount 372->379 380 40301f-403021 372->380 375 403023-403025 373->375 376 403073-403076 373->376 375->348 376->375 378 403078-40307b 376->378 378->355 381 402f8c-402f94 379->381 382 402fcf-402fd3 379->382 380->348 385 402f96-402f9a 381->385 386 402f9c-402fcc MulDiv wsprintfA call 404e8d 381->386 383 403014-403017 382->383 384 402fd5-402fd8 382->384 383->351 389 40301d 383->389 387 402ffa-403005 384->387 388 402fda-402fee WriteFile 384->388 385->382 385->386 386->382 392 403008-40300c 387->392 388->375 391 402ff0-402ff3 388->391 389->352 391->375 394 402ff5-402ff8 391->394 392->372 395 403012 392->395 394->392 395->352
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402ED8
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F7F
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FA8
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00402FB8
                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,0041F727,7FFFFFFF,00000000), ref: 00402FE6
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                                                                              • String ID: ... %d%%$hLA$hLA
                                                                                                                                                                                                                                              • API String ID: 4209647438-3864250065
                                                                                                                                                                                                                                              • Opcode ID: addaab61d9762357401ed889a56f94317b04aa9940b264370ab1ae8ac3205c02
                                                                                                                                                                                                                                              • Instruction ID: 8a95cf2a137d7550cfd21daf0583010478331d15a29cb338fc351ae0d0d0651f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: addaab61d9762357401ed889a56f94317b04aa9940b264370ab1ae8ac3205c02
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D261AE7190221AEBDB10DFA5DA44AAF7BB8EB40355F10417BF910B72C4D7789A40CBE9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 396 401734-401757 call 402a0c call 405701 401 401761-401773 call 405ba1 call 405694 lstrcatA 396->401 402 401759-40175f call 405ba1 396->402 407 401778-40177e call 405e03 401->407 402->407 412 401783-401787 407->412 413 401789-401793 call 405e9c 412->413 414 4017ba-4017bd 412->414 421 4017a5-4017b7 413->421 422 401795-4017a3 CompareFileTime 413->422 416 4017c5-4017e1 call 405878 414->416 417 4017bf-4017c0 call 405859 414->417 424 4017e3-4017e6 416->424 425 401859-401882 call 404e8d call 402e71 416->425 417->416 421->414 422->421 427 4017e8-40182a call 405ba1 * 2 call 405bc3 call 405ba1 call 405462 424->427 428 40183b-401845 call 404e8d 424->428 439 401884-401888 425->439 440 40188a-401896 SetFileTime 425->440 427->412 460 401830-401831 427->460 437 40184e-401854 428->437 441 4028aa 437->441 439->440 443 40189c-4018a7 FindCloseChangeNotification 439->443 440->443 445 4028ac-4028b0 441->445 446 4028a1-4028a4 443->446 447 4018ad-4018b0 443->447 446->441 449 4018b2-4018c3 call 405bc3 lstrcatA 447->449 450 4018c5-4018c8 call 405bc3 447->450 454 4018cd-402229 call 405462 449->454 450->454 454->445 463 402672-402679 454->463 460->437 462 401833-401834 460->462 462->428 463->446
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,00000000,00000000,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                                                                                • Part of subcall function 00405BA1: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Fast! Resources Setup,NSIS Error), ref: 00405BAE
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00429898,00000000,0041F727,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,00429898,00000000,0041F727,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrcatA.KERNEL32(00429898,00402FCC,00402FCC,00429898,00000000,0041F727,76F923A0), ref: 00404EE9
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SetWindowTextA.USER32(00429898,00429898), ref: 00404EFB
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
                                                                                                                                                                                                                                              • API String ID: 1941528284-1088974565
                                                                                                                                                                                                                                              • Opcode ID: 861f3879c83e28eb07bb09eee35a09ef472ebd3ea5b24dd6fff8f590b62750ba
                                                                                                                                                                                                                                              • Instruction ID: e79ae9243306ab86068bc1e71be5748962656d45b0e0834c5e2f96de839f3da3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 861f3879c83e28eb07bb09eee35a09ef472ebd3ea5b24dd6fff8f590b62750ba
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71419632914514BADF107BB9CC45EAF3679EF01329B20823BF421F11E1D77C9A418A6E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 464 4015b3-4015c6 call 402a0c call 405728 469 4015c8-4015e3 call 4056bf CreateDirectoryA 464->469 470 40160a-40160d 464->470 479 401600-401608 469->479 480 4015e5-4015f0 GetLastError 469->480 472 40162d-40217f call 401423 470->472 473 40160f-401628 call 401423 call 405ba1 SetCurrentDirectoryA 470->473 486 4028a1-4028b0 472->486 473->486 479->469 479->470 483 4015f2-4015fb GetFileAttributesA 480->483 484 4015fd 480->484 483->479 483->484 484->479
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405728: CharNextA.USER32(004054DA,?,0042B4C8,00000000,0040578C,0042B4C8,0042B4C8,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                                • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                                • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Fast!,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 00401617
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 3751793516-1788482285
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 489 405ec3-405ee3 GetSystemDirectoryA 490 405ee5 489->490 491 405ee7-405ee9 489->491 490->491 492 405ef9-405efb 491->492 493 405eeb-405ef3 491->493 495 405efc-405f2a wsprintfA LoadLibraryA 492->495 493->492 494 405ef5-405ef7 493->494 494->495
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 00405F23
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                              • String ID: %s%s.dll$\
                                                                                                                                                                                                                                              • API String ID: 2200240437-500877883
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 496 4058a7-4058b1 497 4058b2-4058dc GetTickCount GetTempFileNameA 496->497 498 4058eb-4058ed 497->498 499 4058de-4058e0 497->499 501 4058e5-4058e8 498->501 499->497 500 4058e2 499->500 500->501
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004058BA
                                                                                                                                                                                                                                              • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058D4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$nsa
                                                                                                                                                                                                                                              • API String ID: 1716503409-3858494297
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 502 405a88-405ab9 RegOpenKeyExA 503 405af9-405afc 502->503 504 405abb-405ada RegQueryValueExA 502->504 505 405ae8 504->505 506 405adc-405ae0 504->506 507 405aea-405af3 RegCloseKey 505->507 506->507 508 405ae2-405ae6 506->508 507->503 508->505 508->507
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,00405CC4,00000000,00000002,?,00000002,0020A061,?,00405CC4,80000002,Software\Microsoft\Windows\CurrentVersion,0020A061,0042DBE0,00638CD9), ref: 00405AB1
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(0020A061,?,00000000,00405CC4,0020A061,00405CC4), ref: 00405AD2
                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?), ref: 00405AF3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 509 401389-40138e 510 4013fa-4013fc 509->510 511 401390-4013a0 510->511 512 4013fe 510->512 511->512 514 4013a2-4013a3 call 401434 511->514 513 401400-401401 512->513 516 4013a8-4013ad 514->516 517 401404-401409 516->517 518 4013af-4013b7 call 40136d 516->518 517->513 521 4013b9-4013bb 518->521 522 4013bd-4013c2 518->522 523 4013c4-4013c9 521->523 522->523 523->510 524 4013cb-4013f4 MulDiv SendMessageA 523->524 524->510
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 525 405f2d-405f47 GetModuleHandleA 526 405f53-405f60 GetProcAddress 525->526 527 405f49-405f4a call 405ec3 525->527 529 405f64-405f66 526->529 530 405f4f-405f51 527->530 530->526 531 405f62 530->531 531->529
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                • Part of subcall function 00405EC3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                                • Part of subcall function 00405EC3: wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                                • Part of subcall function 00405EC3: LoadLibraryA.KERNELBASE(?), ref: 00405F23
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 532 405878-4058a4 GetFileAttributesA CreateFileA
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402C78,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 537 405859-405866 GetFileAttributesA 538 405875 537->538 539 405868-40586f SetFileAttributesA 537->539 539->538
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,00405664,?,?,?), ref: 0040585D
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040586F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 533 4053cc-4053da CreateDirectoryA 534 4053e0 GetLastError 533->534 535 4053dc-4053de 533->535 536 4053e6 534->536 535->536
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,00403100,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004053D2
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004053E0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EC0,000000FF,00000004,00000000,00000000,00000000), ref: 004030AA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DFF,00009DE4), ref: 004030D3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00403340,00000000), ref: 00403525
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                              • Opcode ID: 8c26942ae0773f9dbc702252541389aaf768f8ffdabc22c98b52bd8a09ae71d5
                                                                                                                                                                                                                                              • Instruction ID: d1a415a1e30e97e21d6e0245b321a96cd967b9cfe2038280d4bc5e0259fe27b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c26942ae0773f9dbc702252541389aaf768f8ffdabc22c98b52bd8a09ae71d5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CC01230544A00A6C2647F7C9E0B6053A156740336FD04725B175B10F3C73C5A41552E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 004047F3
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404800
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000001), ref: 0040484C
                                                                                                                                                                                                                                              • LoadBitmapA.USER32(0000006E), ref: 0040485F
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000FC,00404DDD), ref: 00404879
                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040488D
                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048A1
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 004048B6
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048C2
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048D4
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004048D9
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404904
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404910
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049A5
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049D0
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049E4
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 00404A13
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A21
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404A32
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B35
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B9A
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BAF
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BD3
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF9
                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404C0E
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00404C1E
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C8E
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D37
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D46
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D66
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404DB4
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00404DBF
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00404DC6
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                                                                                              • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                              • Opcode ID: 4e63ca6e9464e87f5d4ab94560d5c99c95fe02dad02888ea5b3d52ac9d8c04b8
                                                                                                                                                                                                                                              • Instruction ID: 458a4472cc575749f24c7bcde6f1b2e9246033a2a8d3a9469834700d3721ba37
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e63ca6e9464e87f5d4ab94560d5c99c95fe02dad02888ea5b3d52ac9d8c04b8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7028EB0A00209EFDB21DF55DD85AAE7BB5FB84314F10813AF610BA2E1C7799A41DF58
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004054E4
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(0042B0C8,\*.*,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040552E
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00409010,?,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040554F
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00409010,?,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405555
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(0042B0C8,?,?,?,00409010,?,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405566
                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 00405618
                                                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00405629
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • \*.*, xrefs: 00405528
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\SetupResources.exe, xrefs: 004054C6
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004054D0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$\*.*
                                                                                                                                                                                                                                              • API String ID: 2035342205-1430602279
                                                                                                                                                                                                                                              • Opcode ID: 49a23bcb4989eb2bc55f989632ffb7892a432e638327651476ee734d0b1ae01c
                                                                                                                                                                                                                                              • Instruction ID: 7349ebf4964971957ddff473b41d0a41d9b63905a7032000284e6e99f459cf31
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49a23bcb4989eb2bc55f989632ffb7892a432e638327651476ee734d0b1ae01c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C51F130404A487ADB226B228C45BBF3A69DF42318F50853BF909711D1DB7D9982DE6E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040502A
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405039
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405076
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000015), ref: 0040507E
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040509F
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050B0
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050C3
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050D1
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050E4
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405106
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040511A
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040513B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040514B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405164
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405170
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405048
                                                                                                                                                                                                                                                • Part of subcall function 00403E92: SendMessageA.USER32(00000028,?,00000001,00403CC3), ref: 00403EA0
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040518D
                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00004F5F,00000000), ref: 0040519B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004051A2
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004051C6
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000008), ref: 004051CB
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405212
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 00405244
                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00405255
                                                                                                                                                                                                                                              • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040526A
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0040527D
                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052A1
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052DC
                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004052EC
                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 004052F2
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052FB
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405305
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405319
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405331
                                                                                                                                                                                                                                              • SetClipboardData.USER32(00000001,00000000), ref: 0040533C
                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405342
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                              • String ID: {
                                                                                                                                                                                                                                              • API String ID: 590372296-366298937
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039C6
                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 004039E3
                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 004039F7
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A13
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403A34
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A48
                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403A4F
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403AFD
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00403B07
                                                                                                                                                                                                                                              • SetClassLongA.USER32(?,000000F2,?), ref: 00403B21
                                                                                                                                                                                                                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B72
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00403C18
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00403C39
                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403C4B
                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403C66
                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C7C
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00403C83
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C9B
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CAE
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042A0C0,?,0042A0C0,Fast! Resources Setup), ref: 00403CD7
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,0042A0C0), ref: 00403CE6
                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00403E1A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                              • String ID: Fast! Resources Setup
                                                                                                                                                                                                                                              • API String ID: 184305955-2780696101
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404030
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000000,000003E8), ref: 00404044
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404062
                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00404073
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404082
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404091
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040409B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A9
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040B8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040411B
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 0040411E
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404149
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404189
                                                                                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F02), ref: 00404198
                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004041A1
                                                                                                                                                                                                                                              • ShellExecuteA.SHELL32(0000070B,open,0042DBE0,00000000,00000000,00000001), ref: 004041B4
                                                                                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 004041C1
                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004041C4
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041F0
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404204
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                              • String ID: N$open$q?@
                                                                                                                                                                                                                                              • API String ID: 3615053054-1931339921
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                              • DrawTextA.USER32(00000000,Fast! Resources Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                              • String ID: F$Fast! Resources Setup
                                                                                                                                                                                                                                              • API String ID: 941294808-2854520163
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,00405684,?,00000000,000000F1,?), ref: 0040593C
                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32(?,0042C250,00000400), ref: 00405945
                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32(00000000,0042BCC8,00000400), ref: 00405962
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405980
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042BCC8,C0000000,00000004,0042BCC8,?,?,?,00000000,000000F1,?), ref: 004059BB
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059CA
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059E0
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8C8,00000000,-0000000A,00409404,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A26
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A38
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00405A3F
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A46
                                                                                                                                                                                                                                                • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                                • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                                                                              • String ID: %s=%s$[Rename]
                                                                                                                                                                                                                                              • API String ID: 3445103937-1727408572
                                                                                                                                                                                                                                              • Opcode ID: 93dbfb435071f571f0ab808dd2be6fd4af636485bab0aeb09ba325dd39622752
                                                                                                                                                                                                                                              • Instruction ID: f45ed1bdfbf8c4b03de67142e423a5701368854c8b403738f0f2c648216b24c4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93dbfb435071f571f0ab808dd2be6fd4af636485bab0aeb09ba325dd39622752
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D741D471B05B157BD7206B619C89F6B3B5CDF85754F040136F905F62D2EA38E8018EAD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 004042EA
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00000000,?), ref: 00404314
                                                                                                                                                                                                                                              • SHBrowseForFolderA.SHELL32(?,00429490,?), ref: 004043C5
                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 004043D0
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(0042DBE0,0042A0C0), ref: 00404402
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0042DBE0), ref: 0040440E
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404420
                                                                                                                                                                                                                                                • Part of subcall function 00405446: GetDlgItemTextA.USER32(?,?,00000400,00404457), ref: 00405459
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                                • Part of subcall function 00405E03: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(00429088,?,?,0000040F,?,00429088,00429088,?,00000001,00429088,?,?,000003FB,?), ref: 004044DE
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F9
                                                                                                                                                                                                                                                • Part of subcall function 00404652: lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                                • Part of subcall function 00404652: wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                                • Part of subcall function 00404652: SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: A$C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 2624150263-1338060906
                                                                                                                                                                                                                                              • Opcode ID: 651704e9fdbceafa19cbcaa3072621ff73f1ed0c40465ee915921c67da8dd18a
                                                                                                                                                                                                                                              • Instruction ID: 25cf576a769d2d8a049a3aeadb65d5b4cdf4f75aeaeb5f9dd55cec19ee375662
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 651704e9fdbceafa19cbcaa3072621ff73f1ed0c40465ee915921c67da8dd18a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6A170B1900218ABDB11AFA5DC41BAF77B8EF84315F10843BF611B62D1D77C9A418F69
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                              • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                              • API String ID: 589700163-198701469
                                                                                                                                                                                                                                              • Opcode ID: 3b5f3268fa1fae19e58d0ad2ced72642c676bfd811e2c7a6988a98807c9a22ca
                                                                                                                                                                                                                                              • Instruction ID: 8c0debaa59703488c7458a94fa91a8896e4240cf3d31b331365b77cfd974a1c9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b5f3268fa1fae19e58d0ad2ced72642c676bfd811e2c7a6988a98807c9a22ca
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E11B671804A912DEB3217289C44B777FC8CB66790F18447BD4D5723C2D67C5D428AAD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000EB), ref: 00403EE1
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00403EFD
                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00403F09
                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00403F15
                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00403F28
                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00403F38
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00403F52
                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00403F5C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                              • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                              • Instruction ID: 0d89a351d513fb24bb3d4bb4099581c898fc75933690e96f4850fc1bb23eeaf2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91214271904745ABCB219F78DD08B4B7FF8AF05715B048629F995A22E0D734E9048B65
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00009E00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 0040273B
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402754
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3294113728-0
                                                                                                                                                                                                                                              • Opcode ID: 9c2b519bab710da34c4f93b0ba9d6d86cd7c01b4cb3bb32b5413ac78432567f7
                                                                                                                                                                                                                                              • Instruction ID: 5b53ae4c2b613e87b8af51cb2b1d5881ebc53a54f05e9f53cd44442d287e2222
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c2b519bab710da34c4f93b0ba9d6d86cd7c01b4cb3bb32b5413ac78432567f7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3131A971C00128BBCF216FA5CE88DAE7F79EF05364F10423AF920762E1C67949408FA9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00429898,00000000,0041F727,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00402FCC,00429898,00000000,0041F727,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(00429898,00402FCC,00402FCC,00429898,00000000,0041F727,76F923A0), ref: 00404EE9
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00429898,00429898), ref: 00404EFB
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2531174081-0
                                                                                                                                                                                                                                              • Opcode ID: b9bd97d855335461d49e39303d4d63c0ba14004c0d3fb8e2a59ec645a9842c76
                                                                                                                                                                                                                                              • Instruction ID: d5e3cfdbeb95b60488c6f1e99959168c2d2eab17d02c72d4f5409838ea1ae410
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9bd97d855335461d49e39303d4d63c0ba14004c0d3fb8e2a59ec645a9842c76
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C21CF71900119BBDF11AFA5CD849DEBFB9EF45354F04807AF608B6290C779AE408FA8
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404777
                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 0040477F
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404799
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047AB
                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047D1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                              • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                                                                                                                                              • Instruction ID: 1287270e3ce35f4bc81f554f3193770291cde8f8b01dc106229a8c11fbd36195
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99014071D00219BADB01DBA4DD85FFEBBFCAB59711F10412BBA10B72C0D7B465018BA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B6C
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(034D6C32,00000064,034D80C0), ref: 00402B97
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00402BA7
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402BB7
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BC9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • verifying installer: %d%%, xrefs: 00402BA1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405392
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004053A6
                                                                                                                                                                                                                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053BB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004053C5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 0040534F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                              • API String ID: 3449924974-3067928993
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A6D
                                                                                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?), ref: 00401CC5
                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401CD2
                                                                                                                                                                                                                                              • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00000000,Fast! Resources Setup), ref: 00403955
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                                                              • String ID: 1033$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Fast! Resources Setup
                                                                                                                                                                                                                                              • API String ID: 530164218-1221082804
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 0040569A
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004056A3
                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00409010), ref: 004056B4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405694
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 2659869361-297319885
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00429898,00000000,0041F727,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,00429898,00000000,0041F727,76F923A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: lstrcatA.KERNEL32(00429898,00402FCC,00402FCC,00429898,00000000,0041F727,76F923A0), ref: 00404EE9
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SetWindowTextA.USER32(00429898,00429898), ref: 00404EFB
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2987980305-0
                                                                                                                                                                                                                                              • Opcode ID: a8bda000f72a175a0f0ed6af68dae75491426ca2de135a58b3756a98873c7a0f
                                                                                                                                                                                                                                              • Instruction ID: c2750792bbdc63a1f1471102f5095df33ec689d5572da80d747626f78b0a8a56
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8bda000f72a175a0f0ed6af68dae75491426ca2de135a58b3756a98873c7a0f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86210B32904115BBDF206FA5CE8CA6E3571BF44358F20423BF901B62E1DBBC49419A5E
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402357
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0040A460,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402377
                                                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,?,?,?,0040A460,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023B0
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,0040A460,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402493
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1356686001-0
                                                                                                                                                                                                                                              • Opcode ID: b6f4f247d7d0ae3319dc5e24e2c3de07eca660428b233407ae8b6eb34338d133
                                                                                                                                                                                                                                              • Instruction ID: 87e3eab27a64c54b83edf31c6fc5fb34a185908cb1e9cfdfcb2c5e910e3a0e9b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6f4f247d7d0ae3319dc5e24e2c3de07eca660428b233407ae8b6eb34338d133
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74116371E00108BEEB10EFB5DE89EAF7A79EB50358F10403AF905B61D1D6B85D019A69
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                                                                              • CreateFontIndirectA.GDI32(0040B064), ref: 00401D8A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3272661963-0
                                                                                                                                                                                                                                              • Opcode ID: 4aff2da1ecbc0b46b4ebb4a1bc3754d5e437124edce295b0be6ec486ba38634f
                                                                                                                                                                                                                                              • Instruction ID: 5e6b0a242ffc9277152ed6cf63edc70abaf129c53bcded44f01e7363494148ce
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4aff2da1ecbc0b46b4ebb4a1bc3754d5e437124edce295b0be6ec486ba38634f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BF04471E89240AEE7016770AF1AB9B7F64D715305F104475F651B62E2C77914048BAE
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,00402DB4,00000001), ref: 00402BE7
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C05
                                                                                                                                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C22
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402C30
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                                                                                                              • Opcode ID: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                              • Instruction ID: fe7f2a60441318f0c2a90f6d59b101c1e11520174a0dcb1e75ef42172c75ba50
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FF05470A0D121ABD6746F55FE8CD8B7BA4F744B017540576F000B11A4DA785882CFAD
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(004074B8,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409458,00000400,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Fast!, xrefs: 004020C1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                              • API String ID: 123533781-1788482285
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00404E13
                                                                                                                                                                                                                                              • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E81
                                                                                                                                                                                                                                                • Part of subcall function 00403EA9: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EBB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0C8,Error launching installer), ref: 00405426
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405433
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00405414
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,00000000,00403537,00403340,00000000), ref: 00403579
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00403580
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403571
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857118573.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857239551.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857289282.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.1857389265.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                              • API String ID: 1100898210-297319885
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,00402CA4,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 004056E1
                                                                                                                                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,00402CA4,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 004056EF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 004056DB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                              • API String ID: 2709904686-3067928993
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040580D
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.1857186557.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WTSGetActiveConsoleSessionId.KERNEL32 ref: 0019127D
                                                                                                                                                                                                                                              • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 001912A3
                                                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,00000013(TokenIntegrityLevel),00000000,00000004,?), ref: 001912DD
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 001912ED
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00191300
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000001), ref: 001913DE
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0019142D
                                                                                                                                                                                                                                              • CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000480,?,00000000,?,?), ref: 00191462
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00191479
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00191481
                                                                                                                                                                                                                                              • DestroyEnvironmentBlock.USERENV(?), ref: 00191489
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00191495
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0019149D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandle$TokenUserwsprintf$ActiveBlockConsoleCreateDestroyEnvironmentErrorInformationLastProcessQuerySession
                                                                                                                                                                                                                                              • String ID: $%ws\fast!\fast!.exe$D$Fast Engine: Convert SID error$Fast Engine: Create Env Block Error %d$Fast Engine: Create Process Error %d$Fast Engine: Duplicate Token Error$Fast Engine: Query User Token Error %d$Fast Engine: Set Token Info Error$Fast Engine: Token Error %d$Fast Engine: id:1$ProgramFiles$S-1-5-32-544$winsta0\default$s<u
                                                                                                                                                                                                                                              • API String ID: 413331851-3354286258
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 48 191050-19107e StartServiceCtrlDispatcherW 49 19108a-19108f 48->49 50 191080-191089 GetLastError 48->50
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 00191076
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00191080
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CtrlDispatcherErrorLastServiceStart
                                                                                                                                                                                                                                              • String ID: FastSRV
                                                                                                                                                                                                                                              • API String ID: 3783796564-1196406248
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegisterServiceCtrlHandlerExW.ADVAPI32(FastSRV,Function_000011F0,00000000), ref: 0019109C
                                                                                                                                                                                                                                              • SetServiceStatus.SECHOST(00000000,001A6668), ref: 00191102
                                                                                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0019110C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0019112A
                                                                                                                                                                                                                                              • SetServiceStatus.ADVAPI32(001A6668), ref: 0019114A
                                                                                                                                                                                                                                              • SetServiceStatus.ADVAPI32(001A6668), ref: 00191183
                                                                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00001570,00000000,00000000,00000000), ref: 00191194
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0019119D
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 001911A9
                                                                                                                                                                                                                                              • SetServiceStatus.ADVAPI32(001A6668), ref: 001911E2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Service$Status$Create$CloseCtrlErrorEventHandleHandlerLastObjectRegisterSingleThreadWait
                                                                                                                                                                                                                                              • String ID: FastSRV
                                                                                                                                                                                                                                              • API String ID: 4143498620-1196406248
                                                                                                                                                                                                                                              • Opcode ID: bba10f29baf9cb936a9a2d79e1149fe644a13362aec34000fbfc83412251067a
                                                                                                                                                                                                                                              • Instruction ID: b8359fc98a2c410e2245b3fcd1be41ad4f160072a708a93a8f2b3f3dd62e14cf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bba10f29baf9cb936a9a2d79e1149fe644a13362aec34000fbfc83412251067a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C721A8B8685301EEE7509F61FC09B453EB0B716B09F0C4219F11896AE0E7FA14C4CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00191260: WTSGetActiveConsoleSessionId.KERNEL32 ref: 0019127D
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000), ref: 0019158D
                                                                                                                                                                                                                                              • WTSGetActiveConsoleSessionId.KERNEL32 ref: 001915A0
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 001915B3
                                                                                                                                                                                                                                              • Sleep.KERNELBASE(00002710), ref: 001915C9
                                                                                                                                                                                                                                                • Part of subcall function 00191260: WTSQueryUserToken.WTSAPI32(00000000,?), ref: 001912A3
                                                                                                                                                                                                                                                • Part of subcall function 00191260: GetTokenInformation.KERNELBASE(?,00000013(TokenIntegrityLevel),00000000,00000004,?), ref: 001912DD
                                                                                                                                                                                                                                                • Part of subcall function 00191260: GetLastError.KERNEL32 ref: 001912ED
                                                                                                                                                                                                                                                • Part of subcall function 00191260: wsprintfW.USER32 ref: 00191300
                                                                                                                                                                                                                                                • Part of subcall function 00191260: CloseHandle.KERNEL32(?,?,00000001), ref: 001913DE
                                                                                                                                                                                                                                                • Part of subcall function 00191260: wsprintfW.USER32 ref: 0019142D
                                                                                                                                                                                                                                                • Part of subcall function 00191260: CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000480,?,00000000,?,?), ref: 00191462
                                                                                                                                                                                                                                                • Part of subcall function 00191260: CloseHandle.KERNEL32(?), ref: 00191479
                                                                                                                                                                                                                                                • Part of subcall function 00191260: CloseHandle.KERNEL32(?), ref: 00191481
                                                                                                                                                                                                                                                • Part of subcall function 00191260: DestroyEnvironmentBlock.USERENV(?), ref: 00191489
                                                                                                                                                                                                                                                • Part of subcall function 00191260: CloseHandle.KERNEL32(?), ref: 00191495
                                                                                                                                                                                                                                                • Part of subcall function 00191260: CloseHandle.KERNEL32(?), ref: 0019149D
                                                                                                                                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 001915E3
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000), ref: 001915ED
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandle$wsprintf$ActiveConsoleObjectSessionSingleSleepTokenUserWait$BlockCreateDestroyEnvironmentErrorInformationLastProcessQuery
                                                                                                                                                                                                                                              • String ID: Fast Engine: id:%d$Fast Engine: id:1$s<u
                                                                                                                                                                                                                                              • API String ID: 4272876791-2397700945
                                                                                                                                                                                                                                              • Opcode ID: 93714018557bdc8add0c69ed2244e9cce0cfa9ed126f4a5b14a6ec3c92257609
                                                                                                                                                                                                                                              • Instruction ID: ffdfdbe72ce564449337e67cbc59251369686fb2cf559292cd8bb5034561168e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93714018557bdc8add0c69ed2244e9cce0cfa9ed126f4a5b14a6ec3c92257609
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A01F931744605FBEB107766EC46B3637A5EB43760F1A0222F919D75E0EBA05C9086A5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00191EA2
                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00191F6E
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00191F8E
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00191F98
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 254469556-0
                                                                                                                                                                                                                                              • Opcode ID: bd74bb365657d87777c8b4aa02c32beee4d76fc0663471f30310618b6e5400af
                                                                                                                                                                                                                                              • Instruction ID: c0d0b6af6b03782da35047d4aab6a3aed19a97fdee884de1d07c518032e5c3da
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd74bb365657d87777c8b4aa02c32beee4d76fc0663471f30310618b6e5400af
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84311875D0521CABDF21EFA4D989BCCBBF8BF08300F1041AAE40DAB250EB715A858F45
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00191020: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,0019162D,?,?,?,0019100A), ref: 00191025
                                                                                                                                                                                                                                                • Part of subcall function 00191020: GetLastError.KERNEL32(?,?,?,0019100A), ref: 0019102F
                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,0019100A), ref: 00191631
                                                                                                                                                                                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0019100A), ref: 00191640
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0019163B
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                              • API String ID: 3511171328-631824599
                                                                                                                                                                                                                                              • Opcode ID: 4b3c7190b37b659c69fbbde89bf556c9ed515332a7efba6493ac65643b2f8690
                                                                                                                                                                                                                                              • Instruction ID: 98dff1714203339cfa6b0e99570beb8fb6009019e647418cfdd8e9d4eaacabbd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b3c7190b37b659c69fbbde89bf556c9ed515332a7efba6493ac65643b2f8690
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DE0ED70A007529BDB21EF25D5083427AE5AB14744F088C2DF856D6690E7F5E4C4CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00191CC8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2325560087-0
                                                                                                                                                                                                                                              • Opcode ID: cf1b59a1b64ac0c78bac97f0ce525b209d78e63b6f05842592c2888049c16520
                                                                                                                                                                                                                                              • Instruction ID: 17da1b5ad99b168c8c38a19dc486192d8cee2aabcb9bbe134425c7a984d07fce
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf1b59a1b64ac0c78bac97f0ce525b209d78e63b6f05842592c2888049c16520
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B751F3B1A147069FEF24CFA8D8853AEB7F5FB09310F20852AD811EB654D3749A80CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                                                              • Opcode ID: f4d0e92e6939f2a1feaece6cf4330bc525d9af8ff6d4ca0a11e1d67253b0f1d5
                                                                                                                                                                                                                                              • Instruction ID: bf56aae434f1e6a2fc430bbf10ab9968832b0c67c582bbe669ecda89ff8a7dfa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4d0e92e6939f2a1feaece6cf4330bc525d9af8ff6d4ca0a11e1d67253b0f1d5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16A002707011018B57508F359B0530936D9574559170D80566515C5560F67944905F01
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function starting at 1933db; legend: Executed, Not Executed]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 001934FA
                                                                                                                                                                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00193608
                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 0019375A
                                                                                                                                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00193775
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                                              • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                              • Opcode ID: 9bc5182c19b87fde3cd46550fca05f9ef0228d514181d6ea9a781744c19a7d4c
                                                                                                                                                                                                                                              • Instruction ID: 77122e80815cc03a95006df03c19bdd8936d707a5d7f933aa863e44d912fa1e0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bc5182c19b87fde3cd46550fca05f9ef0228d514181d6ea9a781744c19a7d4c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3B16BB5800209EFDF29DFA4C8819AEBBB5FF24314B15455AF8216B212D731EB61CF91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function starting at 192ee0; legend: Executed, Not Executed]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00192F17
                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00192F1F
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00192FA8
                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00192FD3
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00193028
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                              • Opcode ID: d2621555555b9eaeab212546f168daa90a9caba54d3f690c0574aeb42c728de6
                                                                                                                                                                                                                                              • Instruction ID: 032295c99cba121ca58240c695f4a250861bcfd19f8f7157355e0b2b29879cac
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2621555555b9eaeab212546f168daa90a9caba54d3f690c0574aeb42c728de6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5141B034A00219ABCF10DF68C884A9EBBB5FF45324F148165F8199B3A2D731EE45CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00197F75,001989BC,?,00000000,00000000,00000000,?,0019812C,00000022,FlsSetValue,0019FADC,0019FAE4,00000000), ref: 00197F27
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                              • Opcode ID: a979aad916e6a5a16b77d5427d0d371f45d3b06c0ff042cc7a1eb9e44dfe3df0
                                                                                                                                                                                                                                              • Instruction ID: 696ac7c1f8835157c9a20b280a5e1ce0540d6f07d21c08180dacc9e6505b1d34
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a979aad916e6a5a16b77d5427d0d371f45d3b06c0ff042cc7a1eb9e44dfe3df0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7021D672B15111ABCF22DB64EC40A6A7BA8EF42770F294165FD16B76D0EB70ED01C6E0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,0019309B,0019277E,0019204B), ref: 001930B2
                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001930C0
                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001930D9
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,0019309B,0019277E,0019204B), ref: 0019312B
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                              • Opcode ID: 085bcd5de8576b2798eda74609df4df0d053b21d63dda92810bb8c265f660715
                                                                                                                                                                                                                                              • Instruction ID: fee2a51529b0f157ff1de59b4afb66fd80cb842b2e34d70e228e4cde3584f557
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 085bcd5de8576b2798eda74609df4df0d053b21d63dda92810bb8c265f660715
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E301F73221E7226EEF2427B4BC86A5B2BA5FB127B1760033AF530451F2FF514E425290
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,196662B7,?,?,00000000,0019DDAA,000000FF,?,00194E15,?,?,00194DE9,00000000), ref: 00194E6E
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00194E80
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,0019DDAA,000000FF,?,00194E15,?,?,00194DE9,00000000), ref: 00194EA2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                              • Opcode ID: d95fe4cb0482acb08118e02cb5388979167cda5588d2c38973ab4839d2d6f395
                                                                                                                                                                                                                                              • Instruction ID: 9265bc92c6c0ef76e9f5ebaf5f46d2606c17c7161cfe3da6e439cce027683f68
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d95fe4cb0482acb08118e02cb5388979167cda5588d2c38973ab4839d2d6f395
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0601A275A44629EFDF11CB50DC05FAEBBF8FB04B11F04462AF812A26D0DBB49840CA91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

APIs
• __alloca_probe_16.LIBCMT ref: 0019A4B5
• __alloca_probe_16.LIBCMT ref: 0019A57E
• __freea.LIBCMT ref: 0019A5E5
  • Part of subcall function 00199290: HeapAlloc.KERNEL32(00000000,00000000,?,?,00000003,00194768,?,001946D7,?,00000000,001948E6), ref: 001992C2
• __freea.LIBCMT ref: 0019A5F8
• __freea.LIBCMT ref: 0019A605
Memory Dump Source
• Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
Similarity
• API ID: __freea$__alloca_probe_16$AllocHeap
• String ID:
• API String ID: 1096550386-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,001941E8,00000000,?,001A5CCC,?,?,?,0019438B,00000004,InitializeCriticalSectionEx,0019ED60,InitializeCriticalSectionEx), ref: 00194244
• GetLastError.KERNEL32(?,001941E8,00000000,?,001A5CCC,?,?,?,0019438B,00000004,InitializeCriticalSectionEx,0019ED60,InitializeCriticalSectionEx,00000000,?,00193FD2), ref: 0019424E
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00194276
Strings
Memory Dump Source
• Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID: api-ms-
• API String ID: 3177248105-2084034818
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetConsoleOutputCP.KERNEL32(196662B7,00000000,00000000,?), ref: 0019A875
  • Part of subcall function 00197961: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0019A5DB,?,00000000,-00000008), ref: 001979C2
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0019AAC7
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0019AB0D
• GetLastError.KERNEL32 ref: 0019ABB0
Memory Dump Source
• Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0019B80C,00000000,00000001,00000000,?,?,0019AC04,?,00000000,00000000), ref: 0019BFFF
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,0019B80C,00000000,00000001,00000000,?,?,0019AC04,?,00000000,00000000,?,?,?,0019B1A7,00000000), ref: 0019C00B
                                                                                                                                                                                                                                                • Part of subcall function 0019BFD1: CloseHandle.KERNEL32(FFFFFFFE,0019C01B,?,0019B80C,00000000,00000001,00000000,?,?,0019AC04,?,00000000,00000000,?,?), ref: 0019BFE1
                                                                                                                                                                                                                                              • ___initconout.LIBCMT ref: 0019C01B
                                                                                                                                                                                                                                                • Part of subcall function 0019BF93: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0019BFC2,0019B7F9,?,?,0019AC04,?,00000000,00000000,?), ref: 0019BFA6
                                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0019B80C,00000000,00000001,00000000,?,?,0019AC04,?,00000000,00000000,?), ref: 0019C030
Memory Dump Source
• Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,?), ref: 001937A5
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000E.00000002.3213707428.0000000000191000.00000020.00000001.01000000.00000014.sdmp, Offset: 00190000, based on PE: true
• Associated: 0000000E.00000002.3213526048.0000000000190000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213845226.000000000019E000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3213927798.00000000001A5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.3214024360.00000000001A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_190000_FastSRV.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                                              • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(ntdll.dll,113E2069,?,?,?,?,00A8CF47,000000FF), ref: 00932BE7
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtWow64ReadVirtualMemory64), ref: 00932BFB
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtWow64QueryInformationProcess64), ref: 00932C08
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 00932C15
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtSetInformationProcess), ref: 00932C22
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtSuspendProcess), ref: 00932C2F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtResumeProcess), ref: 00932C3C
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00A8CF47,000000FF), ref: 00932C72
                                                                                                                                                                                                                                                • Part of subcall function 00932AF0: LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00932B10
                                                                                                                                                                                                                                                • Part of subcall function 00932AF0: GetCurrentProcess.KERNEL32 ref: 00932B3A
                                                                                                                                                                                                                                                • Part of subcall function 00932AF0: OpenProcessToken.ADVAPI32(00000000,00000020), ref: 00932B47
                                                                                                                                                                                                                                                • Part of subcall function 00932AF0: AdjustTokenPrivileges.KERNELBASE(?,00000000,00000002,00000010,00000000,00000000), ref: 00932B62
                                                                                                                                                                                                                                                • Part of subcall function 00932AF0: GetLastError.KERNEL32 ref: 00932B6C
                                                                                                                                                                                                                                                • Part of subcall function 00932AF0: FindCloseChangeNotification.KERNELBASE ref: 00932B75
                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,?,000000FF), ref: 00932D3E
                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,?,000000FF), ref: 00932D6B
                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000079), ref: 00932D83
                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000012), ref: 00932D8C
                                                                                                                                                                                                                                              • GetTickCount64.KERNEL32 ref: 00932D9A
                                                                                                                                                                                                                                              • GetCursorPos.USER32(00AF566C), ref: 00932DB1
                                                                                                                                                                                                                                              • K32EnumProcesses.KERNEL32(?,00004000,?,?,?,000000FF), ref: 00932E27
                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00932F87
                                                                                                                                                                                                                                              • K32GetProcessImageFileNameW.KERNEL32(00000000,?,000000FF), ref: 00932FA0
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00932FA7
                                                                                                                                                                                                                                                • Part of subcall function 00931C60: GetDC.USER32(00000000), ref: 00931C76
                                                                                                                                                                                                                                                • Part of subcall function 00931C60: ReleaseDC.USER32(00000000,?), ref: 00931D65
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll,NtQueryInformationProcess), ref: 009331DB
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 009331E2
                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 009331F6
                                                                                                                                                                                                                                              • NtQueryInformationProcess.NTDLL(00000000,00000000,?,00000018,?), ref: 0093321A
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0093322A
                                                                                                                                                                                                                                              • WindowFromPoint.USER32(?,?,000000FF), ref: 00933542
                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 00933562
                                                                                                                                                                                                                                              • GetForegroundWindow.USER32(?,?,000000FF), ref: 00933588
                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 009335A0
                                                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,000000FF), ref: 009335E0
                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00933605
                                                                                                                                                                                                                                              • __Xtime_get_ticks.LIBCPMT ref: 0093360B
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00933619
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,00002710,00000000), ref: 00933660
                                                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 00933666
                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 00933678
                                                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,Google Chrome,000000FF), ref: 009338F6
                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000200,00000000,?,00000004,00000004,00000000,?), ref: 00933A68
                                                                                                                                                                                                                                              • SetPriorityClass.KERNELBASE(00000000,00000020), ref: 00933A7A
                                                                                                                                                                                                                                              • SetProcessPriorityBoost.KERNELBASE(00000000,00000000), ref: 00933B07
                                                                                                                                                                                                                                              • NtSetInformationProcess.NTDLL(00000000,00000027,?,00000004), ref: 00933B19
                                                                                                                                                                                                                                              • NtSetInformationProcess.NTDLL(00000000,00000021,?,00000004), ref: 00933B2B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00933B32
                                                                                                                                                                                                                                              • Sleep.KERNELBASE(0000000A,00000004,00000004,00000000,?), ref: 00933B7B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Process$Window$AddressProc$CloseOpen$HandleInformationSleepThread$AsyncChangeCurrentFileFindNotificationPriorityStateTextToken$ActiveAdjustBoostClassCount64CursorEnumErrorForegroundFromImageLastLibraryLoadLookupMessageModuleNamePointPostPrivilegePrivilegesProcessesQueryReleaseTickUnothrow_t@std@@@ValueWriteXtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                                                                              • String ID: FileDescription$Google Chrome$NtQueryInformationProcess$NtResumeProcess$NtSetInformationProcess$NtSuspendProcess$NtWow64QueryInformationProcess64$NtWow64ReadVirtualMemory64$P,Tw@FTw@BTw$__fasttest__$chrome.exe$csrss.exe$dllhost.exe$dwm.exe$explorer.exe$firefox.exe$googledrivefs.exe$iexplore.exe$lsass.exe$lsm.exe$microsoftedge.exe$microsoftedgecp.exe$ntdll$ntdll.dll$services.exe$smss.exe$svchost.exe$tabtip${ "fast":{ "fast_tutorial_benchmark_done":%lld } }
                                                                                                                                                                                                                                              • API String ID: 3642366192-3338612201
                                                                                                                                                                                                                                              • Opcode ID: 8f9ade2923977b01959cb979c6f49a494b15184c1b25baaa6a7b59a39c34bde5
                                                                                                                                                                                                                                              • Instruction ID: c3b70e7c84d1b9a6b404b7b4f45f136b251e1b5f0835324463664990efc8dec9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f9ade2923977b01959cb979c6f49a494b15184c1b25baaa6a7b59a39c34bde5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ACA226B09007449FDB20DF64CC89BAAB7F8FF55300F094598E509972A1EB71AE85CF5A
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • OpenEventW.KERNEL32(001F0003,00000001,Local\fast!,?,00000000), ref: 009350B2
                                                                                                                                                                                                                                              • PulseEvent.KERNEL32(00000000), ref: 009350C2
                                                                                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,Local\fast!), ref: 009350D8
                                                                                                                                                                                                                                              • GetNativeSystemInfo.KERNELBASE(00AF3730), ref: 009350FE
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00AF372C), ref: 00935109
                                                                                                                                                                                                                                              • IsWow64Process.KERNEL32(00000000), ref: 00935110
                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00000101,?), ref: 00935253
                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,MachineGuid,00000000,?,?,00000200), ref: 0093527B
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00935287
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 009352A4
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00935324
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 0093533C
                                                                                                                                                                                                                                              • RegQueryValueW.ADVAPI32(?,00ACEE74,?,00000400), ref: 0093535B
                                                                                                                                                                                                                                                • Part of subcall function 00937320: FindResourceW.KERNEL32(00000000,?,00000006,00939E47,?,?,00937462,00000000,00000000,?,00000000,?,00000010,?,0093C132,?), ref: 00937338
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00935374
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00935397
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009353A1
                                                                                                                                                                                                                                              • CreateNamedPipeW.KERNELBASE(\\.\pipe\veryfastapp,00000003,00000000,00000001,00004000,00004000,00000000,00000000), ref: 009353DF
                                                                                                                                                                                                                                              • Sleep.KERNELBASE(000003E8), ref: 00935406
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0093541F
                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,nwjs\nw,ui\.,00000000,00000001), ref: 00935467
                                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00935495
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Close$CreateEventHandle$OpenProcessQuerySleepValuewsprintf$CurrentExecuteFileFindInfoModuleNameNamedNativePipePulseResourceShellSystemWow64
                                                                                                                                                                                                                                              • String ID: %wsX$/noui$00000000-0000-0000-0000-000000000000$03000200-0400-0500-0006-000700080009$12345678-1234-5678-90AB-CDDEEFAABBCC$3BC72742-A345-A4E4-61BC-197C285C1019$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$Local\fast!$MachineGuid$SOFTWARE\Classes\CLSID\{%ws}$SOFTWARE\Microsoft\Cryptography$\$\\.\pipe\veryfastapp$nwjs\nw$open$ui\.
                                                                                                                                                                                                                                              • API String ID: 869260719-3203555835
                                                                                                                                                                                                                                              • Opcode ID: 3b4a56c1e43cdf4229ac45b0fb24fa2c96bbc64a936c7b611f357de042c2515e
                                                                                                                                                                                                                                              • Instruction ID: 0dabe8a1fdc67f39aa6271d10a01fa73c7a1143af9d6e516fbda48bc5ba1cd1e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b4a56c1e43cdf4229ac45b0fb24fa2c96bbc64a936c7b611f357de042c2515e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71E17FB1600A05ABDB14EBF0CC45B7A73B9EF58704F564468EA06EB191EB71DD82CF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00932B10
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 00932B3A
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000020), ref: 00932B47
                                                                                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000002,00000010,00000000,00000000), ref: 00932B62
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00932B6C
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE ref: 00932B75
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00932B8C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLastProcessToken$AdjustChangeCloseCurrentFindLookupNotificationOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                                              • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ConnectNamedPipe.KERNELBASE(000002D0,00000000), ref: 009340B3
                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(?,000003FF,?,00000000), ref: 009340DC
                                                                                                                                                                                                                                              • GetTickCount64.KERNEL32 ref: 009341AA
                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 00934244
                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,FastSRV,000F003F), ref: 00934255
                                                                                                                                                                                                                                              • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 0093428B
                                                                                                                                                                                                                                              • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009342BE
                                                                                                                                                                                                                                              • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 009342C9
                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 00934314
                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,FastSRV,000F003F), ref: 00934325
                                                                                                                                                                                                                                              • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 0093435B
                                                                                                                                                                                                                                              • ControlService.ADVAPI32(00000000,00000001,?), ref: 00934378
                                                                                                                                                                                                                                              • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00934393
                                                                                                                                                                                                                                              • OpenSCManagerW.SECHOST(?,?,000F003F), ref: 009343D9
                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,FastSRV,000F003F), ref: 009343EA
                                                                                                                                                                                                                                              • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00934403
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0093442A
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000), ref: 00934470
                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(?,open,eventvwr,/c:System /f:"*[System[(Level = 1 or Level = 2)]]",?,00000001), ref: 009344FC
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00934585
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000), ref: 009345C4
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000), ref: 009346C0
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00934722
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 0093473A
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0093474E
                                                                                                                                                                                                                                              • RegSetValueW.ADVAPI32(?,00ACEE74,00000001,?,?), ref: 00934784
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00934790
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000), ref: 00934811
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0093483B
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00934859
                                                                                                                                                                                                                                              • RegQueryValueW.ADVAPI32(?,00ACEE74,?,?), ref: 00934874
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 009348A2
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 009348BA
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 009348CA
                                                                                                                                                                                                                                              • RegSetValueW.ADVAPI32(?,00ACEE74,00000001,?,?), ref: 00934904
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00934910
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0093494D
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00934965
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00934979
                                                                                                                                                                                                                                              • RegSetValueW.ADVAPI32(?,00ACEE74,00000001,?,?), ref: 009349AB
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009349B7
                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00934A01
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00934A57
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00934A6F
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00934A83
                                                                                                                                                                                                                                              • RegSetValueW.ADVAPI32(?,00ACEE74,00000001,?,?), ref: 00934AB5
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00934AC1
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!,?), ref: 00934B7A
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,PixelURL,00000000,?,?,00000208), ref: 00934BA2
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00934BAE
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000), ref: 00934BF8
                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000000,Word.Application,00000000,00000101,?), ref: 00934C42
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00934C68
                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000000,Excel.Application,00000000,00000101,?), ref: 00934C82
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00934CA6
                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000000,Powerpoint.Application,00000000,00000101,?), ref: 00934CC0
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00934CE4
                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000000,.pdf,00000000,00000101,?), ref: 00934CFE
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00934D1C
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000), ref: 00934DA0
                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(?,000003FF,?,00000000), ref: 00934F16
                                                                                                                                                                                                                                              • DisconnectNamedPipe.KERNEL32 ref: 00934F26
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: wsprintf$OpenService$Close$File$CreateValueWrite$Query$Handle$ManagerStatus$ChangeConfigNamedPipeRead$ConnectControlCount64DisconnectExecuteShellSleepStartTick
                                                                                                                                                                                                                                              • String ID: .pdf$/c:System /f:"*[System[(Level = 1 or Level = 2)]]"$1073741824$2.305$20231003095718.000000+060$232$3BC72742-A345-A4E4-61BC-197C285C1019$4193332$59478$64-bit$8387636$DHYWL2S$Excel.Application$FastSRV$Google Chrome$Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$Microsoft Windows 10 Pro$None$PixelURL$Powerpoint.Application$SOFTWARE\Classes\CLSID\{%ws}$Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!$Word.Application$eetjff, Inc.$eventvwr$false$false$fast_AutoStartOff$fast_AutoStartOn$fast_AutoStartQuery$fast_getevents$fast_gethardware$fast_gettutorialapps$fast_geturlpixel$fast_license$fast_notify$fast_query$fast_quit$fast_reloadconfig$fast_restarttrial$fast_setexpire$fast_showevents$fast_start$fast_stop$fast_tutorialoff$fast_tutorialon$gfff$notify$open$true$true${ "fast":{ "fast_activation_failed":1 } }${ "fast":{ "fast_activation_success":1 } }${ "fast":{ "fast_activation_success":2 } }${ "fast":{ "urlpixel":"%ws" } }${ "fast":{"cpu_name":"%ws","gpu_name":"%ws","gpu_ram":"%ws","os_architecture":"%ws","os_installdate":"%ws","os_name":"%ws","os_mem${ "fast":{"serviceStarted":"%ws" } }${ "fast":{"tutorial_apps":1,"tutorial_apps_word":"%s","tutorial_apps_excel":"%s","tutorial_apps_powerpoint":"%s","tutorial_apps_pdf":"%s"} }${ "fast":{"version":"%ws","UUID":"%ws","trial":"%s","expired":"%s","running":"%s", "shownow":"%s", "interest":"%ws", "expectation":"%ws", "interestfaster":"%s", "defaultbrowser":"%ws", "proccount":"%d", "trialleftsecs":"%d" } }
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!,?), ref: 00931DB5
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,DisplayVersion,00000000,?,2.305,?), ref: 00931DEB
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,BrowserType,00000000,?,00AF4FD8,00000080), ref: 00931E17
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,cpu_name,00000000,?,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz,00000080), ref: 00931E43
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,gpu_name,00000000,?,DHYWL2S,00000200), ref: 00931E6F
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,gpu_ram,00000000,?,1073741824,00000200), ref: 00931E9B
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,os_architecture,00000000,?,64-bit,00000200), ref: 00931EC7
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,os_installdate,00000000,?,20231003095718.000000+060,00000200), ref: 00931EF3
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,os_name,00000000,?,Microsoft Windows 10 Pro,00000200), ref: 00931F1F
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,os_mem,00000000,?,4193332,00000200), ref: 00931F4B
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,os_virtmem,00000000,?,8387636,00000200), ref: 00931F77
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,pc_vendor,00000000,?,eetjff, Inc.,00000200), ref: 00931FA3
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,pc_version,00000000,?,None,00000200), ref: 00931FCF
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,dsk_iosec,00000000,?,59478,00000200), ref: 00931FFB
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,dsk_mbsec,00000000,?,232,00000200), ref: 00932027
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,notify,00000000,?,?,00000200), ref: 00932055
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 0093207B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: QueryValue$ChangeCloseCreateFindNotification
                                                                                                                                                                                                                                              • String ID: 1073741824$2.305$20231003095718.000000+060$232$4193332$59478$64-bit$8387636$BrowserType$DHYWL2S$DisplayVersion$Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$Microsoft Windows 10 Pro$None$Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!$cpu_name$dsk_iosec$dsk_mbsec$eetjff, Inc.$gpu_name$gpu_ram$notify$os_architecture$os_installdate$os_mem$os_name$os_virtmem$pc_vendor$pc_version
                                                                                                                                                                                                                                              • API String ID: 982453973-1063618583
                                                                                                                                                                                                                                              • Opcode ID: b215c9866705d2b7c81af6db942116aaa42ddb08ce77cc5dc4ce4811017bee74
                                                                                                                                                                                                                                              • Instruction ID: cbf79bc21399adb68e8e226663b2e88bcd6c0f967c2c9c1b7a1bc154913f2bf7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b215c9866705d2b7c81af6db942116aaa42ddb08ce77cc5dc4ce4811017bee74
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 667196B194022CBEEB60DA50DC85FA9B7BCFB04700F5084E5B94DF6191DAB06F989F64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00967CF9
                                                                                                                                                                                                                                                • Part of subcall function 0093FD2D: __EH_prolog3.LIBCMT ref: 0093FD34
                                                                                                                                                                                                                                                • Part of subcall function 0093FD2D: GetWindowDC.USER32(00000000,00000004,00968286,00000000), ref: 0093FD60
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 00967D19
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967D83
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967DA1
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967DBF
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967DDD
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967DFB
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967E19
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967E37
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967E55
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967E73
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00967E91
                                                                                                                                                                                                                                              • GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 00967EC9
                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(?,?), ref: 00967F19
                                                                                                                                                                                                                                              • EnumFontFamiliesW.GDI32(?,00000000,0096781D,Segoe UI), ref: 00967F40
                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(?,Segoe UI), ref: 00967F53
                                                                                                                                                                                                                                              • EnumFontFamiliesW.GDI32(?,00000000,0096781D,Tahoma), ref: 00967F71
                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(?,MS Sans Serif), ref: 00967F8B
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00967F95
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00967FE6
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00968025
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00968051
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00968072
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000048), ref: 00968091
                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(?,Marlett), ref: 009680A4
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 009680AE
                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 009680DA
                                                                                                                                                                                                                                              • GetObjectW.GDI32(00000000,0000005C,?), ref: 009680F5
                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(?,Arial), ref: 00968136
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00968140
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00968159
                                                                                                                                                                                                                                              • GetObjectW.GDI32(00000000,0000005C,?), ref: 00968177
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00968185
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 009681A6
                                                                                                                                                                                                                                                • Part of subcall function 0096863E: __EH_prolog3_GS.LIBCMT ref: 00968645
                                                                                                                                                                                                                                                • Part of subcall function 0096863E: GetTextMetricsW.GDI32(?,?), ref: 0096867A
                                                                                                                                                                                                                                                • Part of subcall function 0096863E: GetTextMetricsW.GDI32(?,?), ref: 009686BB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_$CapsCharsetDeviceH_prolog3InfoStockSystemWindow
                                                                                                                                                                                                                                              • String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
                                                                                                                                                                                                                                              • API String ID: 2837096512-1395034203
                                                                                                                                                                                                                                              • Opcode ID: 5b7e1d7457a72bb651210d91ef1302a1c889d53e11582722e9278a96e5cf2e2a
                                                                                                                                                                                                                                              • Instruction ID: 37411f6c4635e141d89e5e050a6d3871ca96204ec28edc3731623d858d1d99c5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b7e1d7457a72bb651210d91ef1302a1c889d53e11582722e9278a96e5cf2e2a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EE16A70A047499FDB21DBF0CC48BEEBBB8BF45304F0444AAA14AAB291EF759945CF54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00968227
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000016), ref: 00968230
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00968243
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000015), ref: 0096825A
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00968266
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(?,0000000C), ref: 0096828E
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 0096829C
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000010), ref: 009682AA
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000015), ref: 009682B8
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000016), ref: 009682C6
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000014), ref: 009682D4
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000012), ref: 009682E2
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000011), ref: 009682F0
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000006), ref: 009682FB
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000D), ref: 00968306
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000E), ref: 00968311
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000005), ref: 0096831C
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000008), ref: 0096832A
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000009), ref: 00968335
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000007), ref: 00968340
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000002), ref: 0096834B
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000003), ref: 00968356
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000001B), ref: 00968364
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000001C), ref: 00968372
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000A), ref: 00968380
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000B), ref: 0096838E
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000013), ref: 0096839C
                                                                                                                                                                                                                                              • GetSysColor.USER32(0000001A), ref: 009683C5
                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(00000010), ref: 009683D6
                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(00000014), ref: 009683E9
                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(00000005), ref: 009683FC
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 0096841D
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(00000010), ref: 0096843B
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 00968459
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 0096847A
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 00968498
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 009684B6
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 009684D4
                                                                                                                                                                                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 009684FA
                                                                                                                                                                                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 0096851E
                                                                                                                                                                                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 00968542
                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 009685C0
                                                                                                                                                                                                                                              • CreatePatternBrush.GDI32(00000000), ref: 009685FE
                                                                                                                                                                                                                                                • Part of subcall function 00940925: DeleteObject.GDI32(00000000), ref: 00940934
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color$BrushCreate$Solid$CapsDeleteDeviceH_prolog3ObjectPattern
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3754413814-0
                                                                                                                                                                                                                                              • Opcode ID: 59ac100bf43b5832ee88cb9b49d48fb4f8f42356908728fc2a43ee696e9e4a6b
                                                                                                                                                                                                                                              • Instruction ID: 1e6340300d8c665fd2c08262e663424e892f958f2fea008ef14cbb1ec6aeb92f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59ac100bf43b5832ee88cb9b49d48fb4f8f42356908728fc2a43ee696e9e4a6b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EBC18A71B40A16AFDB05AFF08809BADBBA0FF48711F44412AF615DA691DF35A522CFD0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,113E2069,?,?,?,?,?,?,?,?,00000000,00A8D18A,000000FF,?,00935125), ref: 00937C6B
                                                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 00937C8B
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00A9CCD0,00000000,00000001,00A9CCC0,00000000), ref: 00937CB2
                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(ROOT\CIMV2), ref: 00937CF4
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 00937D57
                                                                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00937D9A
                                                                                                                                                                                                                                              • CoUninitialize.OLE32(?,?,?,?,?,?,00000000,00A8D18A,000000FF,?,00935125), ref: 00937DB6
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(-00000001), ref: 00937E9B
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(-00000001), ref: 00937EE2
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00937F94
                                                                                                                                                                                                                                              • CoUninitialize.OLE32(00000000), ref: 00937FBE
                                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 00937FDF
                                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 00937FE9
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(-00000001), ref: 00938010
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: String$Free$InitializeUninitialize_com_issue_error$AllocBlanketClearCreateInstanceProxySecurityVariant
                                                                                                                                                                                                                                              • String ID: 3BC72742-A345-A4E4-61BC-197C285C1019$ROOT\CIMV2$SELECT * FROM Win32_ComputerSystemProduct$UUID$WQL
                                                                                                                                                                                                                                              • API String ID: 1007591970-1955271257
                                                                                                                                                                                                                                              • Opcode ID: 3f74e27a154dae3516499199e40c44821935c81e94e76926a8512065c7fd2798
                                                                                                                                                                                                                                              • Instruction ID: 40076e861ebedf521192028f5a4d04526377f148b65c2e750d3a1f41f0680bf8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f74e27a154dae3516499199e40c44821935c81e94e76926a8512065c7fd2798
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16C1A4B0A04705ABEB20DFA4CD45BAAFBB8BF44714F204659F515AB2D0DBB5A901CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 0093240E
                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000000), ref: 00932536
                                                                                                                                                                                                                                              • GetFileVersionInfoW.KERNELBASE(?,00000000,?,00000000), ref: 00932552
                                                                                                                                                                                                                                              • VerQueryValueW.VERSION(00000000,00ACEE68,?,?), ref: 0093256C
                                                                                                                                                                                                                                              • VerQueryValueW.KERNELBASE(00000000,\VarFileInfo\Translation,?,?), ref: 00932586
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 009325B2
                                                                                                                                                                                                                                              • VerQueryValueW.VERSION(00000000,?,?,?), ref: 009325D1
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00932613
                                                                                                                                                                                                                                                • Part of subcall function 00937320: FindResourceW.KERNEL32(00000000,?,00000006,00939E47,?,?,00937462,00000000,00000000,?,00000000,?,00000010,?,0093C132,?), ref: 00937338
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • \VarFileInfo\Translation, xrefs: 00932580
                                                                                                                                                                                                                                              • \StringFileInfo\%04x%04x\%s, xrefs: 009325AC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: QueryValue$FileGlobalInfoVersion$AllocFindFreeResourceSizewsprintf
                                                                                                                                                                                                                                              • String ID: \StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                                                                                                                                                                                                                                              • API String ID: 1007729861-2466519063
                                                                                                                                                                                                                                              • Opcode ID: 9e08e9f0e1f1050561a1448ac9d3561f3f91894f3d800d13c83b56cc550794c5
                                                                                                                                                                                                                                              • Instruction ID: ade40afcd06db47c2e03bc0e08073eed6b2098ed3fbc31f3459f20125a3c9967
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e08e9f0e1f1050561a1448ac9d3561f3f91894f3d800d13c83b56cc550794c5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAA19171600619ABDB14DF68CC89BAAB7B8EF44714F148299F906DB291DB34DE41CFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00AEF2C0,?,00000010,?,00AEF2A4,00AEF2A4,?,0093BB83,00000004,0093AD59,00939031,0093924E,0093616E,?), ref: 0093B933
                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,?,00000010,?,00AEF2A4,00AEF2A4,?,0093BB83,00000004,0093AD59,00939031,0093924E,0093616E,?), ref: 0093B9A2
                                                                                                                                                                                                                                              • GlobalHandle.KERNEL32(00AEF2B4), ref: 0093B9AC
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,00000010,?,00AEF2A4,00AEF2A4,?,0093BB83,00000004,0093AD59,00939031,0093924E,0093616E,?), ref: 0093B9BE
                                                                                                                                                                                                                                              • GlobalReAlloc.KERNEL32(0093616E,00000000,00002002), ref: 0093B9D9
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,00000010,?,00AEF2A4,00AEF2A4,?,0093BB83,00000004,0093AD59,00939031,0093924E,0093616E,?), ref: 0093B9E4
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AEF2C0,0093924E,0093616E,?,?,?,?,113E2069,?,?,00000000,80070057), ref: 0093BA30
                                                                                                                                                                                                                                              • GlobalHandle.KERNEL32(00AEF2B4), ref: 0093BA44
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,00000010,?,00AEF2A4,00AEF2A4,?,0093BB83,00000004,0093AD59,00939031,0093924E,0093616E,?), ref: 0093BA4F
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AEF2C0,?,00000010,?,00AEF2A4,00AEF2A4,?,0093BB83,00000004,0093AD59,00939031,0093924E,0093616E,?), ref: 0093BA59
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2667261700-0
                                                                                                                                                                                                                                              • Opcode ID: 71ed807fb3116af56ca99e8bff88cd0a2ab2fe4dae70da644cc13b1989beb8a5
                                                                                                                                                                                                                                              • Instruction ID: 4ff265b458156244e49c7ff828495e1daf15b6fdb38f706082670549cafbd60f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71ed807fb3116af56ca99e8bff88cd0a2ab2fe4dae70da644cc13b1989beb8a5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E741BF71600602EFDB18DFA8D889B9ABBE8FF44315F14806AEA45DB151EB74DD41CFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 0093B7BA
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000000C), ref: 0093B7C5
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 0093B7D0
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000003), ref: 0093B7DE
                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 0093B7EC
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0093B7F7
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0093B803
                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0093B80F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1031845853-0
                                                                                                                                                                                                                                              • Opcode ID: 4ed99fe04458d08ed078fc31c1c571b27b34c8781ddbe9e17b297b651acbe4a4
                                                                                                                                                                                                                                              • Instruction ID: 171e563ed1e066f9379f4cd8e9cd7b5da7adffb529ffddb66d9f344be080e6ff
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ed99fe04458d08ed078fc31c1c571b27b34c8781ddbe9e17b297b651acbe4a4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 89F0AF71A80B51ABD7109FF1AD4DB567B64FB45B22F004556F601DA2D0DF7585028F90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1128 a08fc2-a0900d call a6c43c call 948ee9 call 93c69c 1135 a09047-a09055 call 93c710 call a6c40a 1128->1135 1136 a0900f-a0903d GetProfileIntW * 2 1128->1136 1136->1135
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00A08FC9
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: EnterCriticalSection.KERNEL32(00AEF478,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6CD
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: InitializeCriticalSection.KERNEL32(00000000,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6E3
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: LeaveCriticalSection.KERNEL32(00AEF478,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6F1
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: EnterCriticalSection.KERNEL32(00000000,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6FE
                                                                                                                                                                                                                                              • GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 00A0901C
                                                                                                                                                                                                                                              • GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 00A09032
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterProfile$H_prolog3InitializeLeave
                                                                                                                                                                                                                                              • String ID: DragDelay$DragMinDist$windows
                                                                                                                                                                                                                                              • API String ID: 3965097884-2101198082
                                                                                                                                                                                                                                              • Opcode ID: 2cbb60daa2d0eba31acbc1293f87f6b10f16fbacf54404fb68112115ad0ef405
                                                                                                                                                                                                                                              • Instruction ID: 886c62d3db8c925ed6d29169e528b8a3a79b8be7a1731b8c2924a66ee3f52298
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cbb60daa2d0eba31acbc1293f87f6b10f16fbacf54404fb68112115ad0ef405
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5018FB0A01B00AFD760EFB5994A76ABAF4BF48700F40592EF149DB692DBF49601CF44
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1141 932090-9320fe RegCreateKeyW RegQueryValueExW FindCloseChangeNotification 1142 932101-93210a 1141->1142 1142->1142 1143 93210c-932113 1142->1143 1144 9321a6-9321b3 call a6bd31 1143->1144 1145 932119-932134 call a728ad 1143->1145 1150 932136-932142 call a7282f 1145->1150 1151 9321a5 1145->1151 1154 932144 1150->1154 1155 93218f-9321a3 call a728ad 1150->1155 1151->1144 1154->1155 1157 932183-932188 1154->1157 1158 932152-932157 1154->1158 1159 932160-932165 1154->1159 1160 932167-93216c 1154->1160 1161 932175-93217a 1154->1161 1162 93214b-932150 1154->1162 1163 93218a 1154->1163 1164 932159-93215e 1154->1164 1165 93216e-932173 1154->1165 1166 93217c-932181 1154->1166 1155->1150 1155->1151 1157->1155 1158->1155 1159->1155 1160->1155 1161->1155 1162->1155 1163->1155 1164->1155 1165->1155 1166->1155
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!,?), ref: 009320B4
                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,SettingV1,00000000,?,?,?), ref: 009320E6
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 009320F2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • SettingV1, xrefs: 009320DB
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!, xrefs: 009320AA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ChangeCloseCreateFindNotificationQueryValue
                                                                                                                                                                                                                                              • String ID: SettingV1$Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!
                                                                                                                                                                                                                                              • API String ID: 1846511420-1092914162
                                                                                                                                                                                                                                              • Opcode ID: 78cda480e5d6e55042853b5048ee249d591677cf5e5e00f8a26419611292c93a
                                                                                                                                                                                                                                              • Instruction ID: db6e302dce12784aff8a9ee81e76d601a0310f43e020db29d2540439bb19c4dc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78cda480e5d6e55042853b5048ee249d591677cf5e5e00f8a26419611292c93a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0031A970E0924AFEDB10EFE0DECABBB7778A704340F504969D70B9A152E73459419FA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000000,00AF1228), ref: 00967A87
                                                                                                                                                                                                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 00967A8F
                                                                                                                                                                                                                                              • VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 00967AA0
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00001000), ref: 00967AB1
                                                                                                                                                                                                                                                • Part of subcall function 00968220: __EH_prolog3.LIBCMT ref: 00968227
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000016), ref: 00968230
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000000F), ref: 00968243
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000015), ref: 0096825A
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000000F), ref: 00968266
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetDeviceCaps.GDI32(?,0000000C), ref: 0096828E
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000000F), ref: 0096829C
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000010), ref: 009682AA
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000015), ref: 009682B8
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000016), ref: 009682C6
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000014), ref: 009682D4
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000012), ref: 009682E2
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000011), ref: 009682F0
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000006), ref: 009682FB
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000000D), ref: 00968306
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000000E), ref: 00968311
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000005), ref: 0096831C
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000008), ref: 0096832A
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000009), ref: 00968335
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000007), ref: 00968340
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000002), ref: 0096834B
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(00000003), ref: 00968356
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000001B), ref: 00968364
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000001C), ref: 00968372
                                                                                                                                                                                                                                                • Part of subcall function 00968220: GetSysColor.USER32(0000000A), ref: 00968380
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: __EH_prolog3_GS.LIBCMT ref: 00967CF9
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: GetDeviceCaps.GDI32(?,00000058), ref: 00967D19
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967D83
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967DA1
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967DBF
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967DDD
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967DFB
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967E19
                                                                                                                                                                                                                                                • Part of subcall function 00967CEF: DeleteObject.GDI32(00000000), ref: 00967E37
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: GetSystemMetrics.USER32(00000031), ref: 00967B1D
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: GetSystemMetrics.USER32(00000032), ref: 00967B2B
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: SetRectEmpty.USER32(00AF1394), ref: 00967B3E
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: EnumDisplayMonitors.USER32(00000000,00000000,009679A7,00AF1394), ref: 00967B4E
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: SystemParametersInfoW.USER32(00000030,00000000,00AF1394,00000000), ref: 00967B5D
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: SystemParametersInfoW.USER32(00001002,00000000,00AF13B8,00000000), ref: 00967B8A
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: SystemParametersInfoW.USER32(00001012,00000000,00AF13BC,00000000), ref: 00967B9E
                                                                                                                                                                                                                                                • Part of subcall function 00967B0F: SystemParametersInfoW.USER32(0000100A,00000000,00AF13CC,00000000), ref: 00967BC4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 551326122-0
                                                                                                                                                                                                                                              • Opcode ID: 52acd225875a22b95b1af5323695718ef62059617646e5fb8660c00aafc51d30
                                                                                                                                                                                                                                              • Instruction ID: 3c2ab648378bde76450c0f5e16a294b8cca70201c4d2b5196ea6ed6fc1555daf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52acd225875a22b95b1af5323695718ef62059617646e5fb8660c00aafc51d30
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B11173B1A00218ABD725EFB19D56FEBB7BCEB89704F00445EB24696181DBB44A458F90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,?,Function_001478F7,00000000,00000004,00000000), ref: 00A77AA4
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,009350F1,00934F50,00000000,00000000), ref: 00A77AB0
                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00A77AB7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2744730728-0
                                                                                                                                                                                                                                              • Opcode ID: 4b92b0ec846fd9a15a23167c282161911c932b4b81bb487f9f48cebd682681ac
                                                                                                                                                                                                                                              • Instruction ID: aefcfa041f6fec4d9116e231bead65ed2dcd018b30235922eb7e1add333bd2eb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b92b0ec846fd9a15a23167c282161911c932b4b81bb487f9f48cebd682681ac
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E501D272505604BBEB11AFA9CC09BAE7BA8EF817B1F20C215F529960E1DB708A41D760
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDriveTypeW.KERNELBASE(?,113E2069), ref: 00932748
                                                                                                                                                                                                                                              • QueryDosDeviceW.KERNELBASE(?,?,00000103), ref: 0093277D
                                                                                                                                                                                                                                                • Part of subcall function 00937320: FindResourceW.KERNEL32(00000000,?,00000006,00939E47,?,?,00937462,00000000,00000000,?,00000000,?,00000010,?,0093C132,?), ref: 00937338
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DeviceDriveFindQueryResourceType
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2330459091-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 1299 a778f7-a77908 call a6c630 1302 a77917-a7792a call a814aa call a83eb7 1299->1302 1303 a7790a-a77911 GetLastError ExitThread 1299->1303 1308 a7793c-a7794d 1302->1308 1309 a7792c-a77939 call a83d2c 1302->1309 1318 a7794d call 932bb0 1308->1318 1319 a7794d call 934040 1308->1319 1309->1308 1313 a7794f-a7796a call a77aeb call a7fbca 1318->1313 1319->1313
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00AE5800,0000000C), ref: 00A7790A
                                                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 00A77911
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1611280651-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0093BB43
                                                                                                                                                                                                                                                • Part of subcall function 0093B818: TlsAlloc.KERNEL32(00000010,0093BB6F,00000004,0093AD59,00939031,0093924E,0093616E,?,?,?,?,113E2069,?,?,00000000,80070057), ref: 0093B837
                                                                                                                                                                                                                                                • Part of subcall function 0093B818: InitializeCriticalSection.KERNEL32(00AEF2C0,?,?,?,113E2069,?,?,00000000,80070057), ref: 0093B848
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocCriticalH_prolog3InitializeSection
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2369468792-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00A77BF2,00000000,?,00A77BF2,00000000), ref: 00A818C7
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000029,?,?,00000000), ref: 0096799D
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoParametersSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3098949447-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00940934
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DeleteObject
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1531683806-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0098321A
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0098327F
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0098329F
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 009832F0
                                                                                                                                                                                                                                              • SetCursor.USER32(?,?,00AEAA80,00000000), ref: 0098332E
                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000012), ref: 009833A6
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,?,00000001,?,?,00AEAA80,00000000), ref: 009834AB
                                                                                                                                                                                                                                              • InflateRect.USER32(?,00000000,?), ref: 009834F1
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,?,00000000,00000401,?,00AEAA80,00000000), ref: 00983504
                                                                                                                                                                                                                                              • InflateRect.USER32(?,00000000,?), ref: 0098361E
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,?,00000001,?), ref: 009835CC
                                                                                                                                                                                                                                                • Part of subcall function 0098088E: InvalidateRect.USER32(?,?,00000001,?), ref: 0098090C
                                                                                                                                                                                                                                                • Part of subcall function 0098088E: InflateRect.USER32(?,00000000,?), ref: 00980952
                                                                                                                                                                                                                                                • Part of subcall function 0098088E: RedrawWindow.USER32(?,?,00000000,00000401), ref: 00980966
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000505,00000000,00000000,?,00000000,?,00AEAA80,00000000), ref: 00983BE8
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 00983C91
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000505,?,?), ref: 00983CAF
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00983CB5
                                                                                                                                                                                                                                              • SetCapture.USER32(?,?,?), ref: 00983CC8
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00983D55
                                                                                                                                                                                                                                              • SetCapture.USER32(?), ref: 00983D68
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000362,0000E001,00000000), ref: 00983E56
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 00983EE2
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000111,00000000,00000000), ref: 00983F31
                                                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 00983F3D
                                                                                                                                                                                                                                              • IsIconic.USER32(?), ref: 00983F48
                                                                                                                                                                                                                                              • IsZoomed.USER32(?), ref: 00983F53
                                                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 00983F71
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 00983FCC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Rect$CaptureRedraw$InflateInvalidateUpdate$MessageParentReleaseSend$AsyncCursorEmptyH_prolog3_IconicStateZoomed
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2060867187-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 0095A883
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0095A8D4
                                                                                                                                                                                                                                              • GetKeyState.USER32(00000010), ref: 0095A907
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,000000FF,?), ref: 0095A926
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Send$BeepState
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4005977132-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup), ref: 0093954D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00939584
                                                                                                                                                                                                                                                • Part of subcall function 00939658: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00939708
                                                                                                                                                                                                                                                • Part of subcall function 00939658: SetLastError.KERNEL32(0000006F), ref: 0093971C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • IsolationAware function called after IsolationAwareCleanup, xrefs: 00939548
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$DebugFileModuleNameOutputString
                                                                                                                                                                                                                                              • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                                                                                                                                                                                              • API String ID: 3265401609-2690750368
                                                                                                                                                                                                                                              • Opcode ID: d5e10b66a7c0576c1fcee24224051422414caa154a0d461fcad8dbc983508409
                                                                                                                                                                                                                                              • Instruction ID: 822cf6c2e80fed6f8be8b6530fea52694af546b4deaa2a99034d6078733f9da4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5e10b66a7c0576c1fcee24224051422414caa154a0d461fcad8dbc983508409
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7F0C8756801658B9B3BDFE9AC847AA726C9B18751F100436FE05C5030D6A1CCC38FD6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceW.KERNEL32(?,00000000,000000F1), ref: 009813E8
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(?,00000000), ref: 009813F8
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 00981407
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindLoadLock
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2752051264-0
                                                                                                                                                                                                                                              • Opcode ID: 51fdc14089ac908b42f73b84f2289ac1e5cd05704fe378814d641eb325815f81
                                                                                                                                                                                                                                              • Instruction ID: 51d887a535ebefbb546ba7f6fdedd32633508dbae90ff62fc39c29e9010e9e94
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51fdc14089ac908b42f73b84f2289ac1e5cd05704fe378814d641eb325815f81
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49716FB1E00209EFDF04EFA5C4457BEBBB9EF48311F14406AE945A7351DB349A42CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00A83694,00000000,00000000,00000000), ref: 00A83553
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InformationTimeZone
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 565725191-0
                                                                                                                                                                                                                                              • Opcode ID: 41c4e2b59e04fc5f1f1aeb65521c5db5440f3cdb40516f8b6f3e1d7fd8822888
                                                                                                                                                                                                                                              • Instruction ID: d0f20ac36a14ef4d24933430eb18e18fdf29b40cb8b86bac1b3b8532d4cdd828
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41c4e2b59e04fc5f1f1aeb65521c5db5440f3cdb40516f8b6f3e1d7fd8822888
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5C1D472A00125AACF15FBA4DD42ABEBBB9EF44B50F144066F905AB291FB709F41C790
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,WINDOW,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C86C
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TOOLBAR,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C88B
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,BUTTON,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C8AA
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,STATUS,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C8C9
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,REBAR,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C8E8
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,COMBOBOX,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C907
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,PROGRESS,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C926
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,HEADER,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C945
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,SCROLLBAR,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C964
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,EXPLORERBAR,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C983
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TREEVIEW,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C9A2
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,STARTPANEL,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C9C1
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TASKBAND,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C9E0
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TASKBAR,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097C9FF
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,SPIN,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097CA1E
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TAB,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097CA3D
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TOOLTIP,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097CA5C
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(?,TRACKBAR,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097CA7B
                                                                                                                                                                                                                                              • OpenThemeData.UXTHEME(00000000,MENU,?,?,0097461D,?,0097466C,00000004,00951F31,00000000,00000004,00951DB5), ref: 0097CA96
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DataOpenTheme
                                                                                                                                                                                                                                              • String ID: BUTTON$COMBOBOX$EXPLORERBAR$HEADER$MENU$PROGRESS$REBAR$SCROLLBAR$SPIN$STARTPANEL$STATUS$TAB$TASKBAND$TASKBAR$TOOLBAR$TOOLTIP$TRACKBAR$TREEVIEW$WINDOW
                                                                                                                                                                                                                                              • API String ID: 1744092376-1233129369
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0096C17E
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00A9FDCC,00000000,00AA5F24,00000000,00ACEE68,00000000,?,00000A88,0096D404,?,00000000,00000038,0096C0BA), ref: 0096C21D
                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00ACEE68,00000000,?,00000A88,0096D404,?,00000000,00000038,0096C0BA), ref: 0096C2D0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CreateH_prolog3_ModuleName
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3408945735-3916222277
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0096973B
                                                                                                                                                                                                                                              • CopyImage.USER32 ref: 00969771
                                                                                                                                                                                                                                                • Part of subcall function 0096CDD4: __EH_prolog3_GS.LIBCMT ref: 0096CDDE
                                                                                                                                                                                                                                                • Part of subcall function 0096CDD4: GetObjectW.GDI32(?,00000018,?), ref: 0096CE00
                                                                                                                                                                                                                                                • Part of subcall function 0096CDD4: GetObjectW.GDI32(?,00000054,?), ref: 0096CE45
                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 009697AB
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00969828
                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00969856
                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00969872
                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 009698BC
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 009698DF
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00969916
                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0096993C
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 00969957
                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 00969987
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 009699A5
                                                                                                                                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 009699E4
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 009699F9
                                                                                                                                                                                                                                              • BitBlt.GDI32(?,?,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00969A2F
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00969A41
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 00969A52
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00969A63
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00969AAB
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00969AC3
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 00969AD4
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00969AE0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$Select$Delete$CompatibleCreate$H_prolog3_$BitmapCopyImage
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1780083495-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00003020), ref: 0094E54B
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00003020), ref: 0094E576
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0094E591
                                                                                                                                                                                                                                              • MapDialogRect.USER32(?,?), ref: 0094E5B9
                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,00000020,00000016), ref: 0094E5E3
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 0094E5F4
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0094E606
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 0094E62A
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0094E63F
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0094E6A2
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 0094E6B9
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0094E6C8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 0094E6F1
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 0094E700
                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 0094E709
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Rect$Item$DialogEnableShow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 763981185-3916222277
                                                                                                                                                                                                                                              • Opcode ID: 453bd8345655508fcab7387ad0c3f70c6c42cbddb604a5bdbb6ff91ca8a78f81
                                                                                                                                                                                                                                              • Instruction ID: 581dd08f8c07f8dc6b3472bdc7c0e183dccd8a61f4d974162bd2114a22a1abcc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 453bd8345655508fcab7387ad0c3f70c6c42cbddb604a5bdbb6ff91ca8a78f81
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C461FB71A00609AFEB11DFE9CD89EAFBBB9FF88710F10451AF505A2251DB70A901DF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00963380
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009633D1
                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,0000004E), ref: 00963406
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0096346D
                                                                                                                                                                                                                                              • SHGetDesktopFolder.SHELL32(?), ref: 00963496
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009634C4
                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00963514
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$ClientCreateDesktopFolderH_prolog3_MenuParentPopupScreen
                                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                                              • API String ID: 2088741424-3993045852
                                                                                                                                                                                                                                              • Opcode ID: facdd973a86860252e5d772e92e3bb228a06ee94f56e1ac5c3c89456c8226152
                                                                                                                                                                                                                                              • Instruction ID: 6ffaaad1c233f24862041cfe6f7048a1647e281af99f3c712e4c40f876d99197
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: facdd973a86860252e5d772e92e3bb228a06ee94f56e1ac5c3c89456c8226152
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38A14E71A00219AFDF15DFA4DC45AEDBBB9EF08710F14816AF905A72A1DB319E01CFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 009E77E4
                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 009E78A8
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009E78DC
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009E7903
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009E7921
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009E794C
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009E797C
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 009E79CA
                                                                                                                                                                                                                                              • OffsetRect.USER32(?,?,00000000), ref: 009E79DF
                                                                                                                                                                                                                                                • Part of subcall function 00A15C5A: __EH_prolog3.LIBCMT ref: 00A15C61
                                                                                                                                                                                                                                                • Part of subcall function 00A15C5A: SetRectEmpty.USER32 ref: 00A15D61
                                                                                                                                                                                                                                                • Part of subcall function 00A15C5A: SetRectEmpty.USER32(?), ref: 00A15D68
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 009E7A06
                                                                                                                                                                                                                                              • OffsetRect.USER32(?,?,?), ref: 009E7B9F
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009E7BBF
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009E7BF6
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,00000000), ref: 009E7C0A
                                                                                                                                                                                                                                              • OffsetRect.USER32(?,00000000,?), ref: 009E7C31
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009E7C4C
                                                                                                                                                                                                                                                • Part of subcall function 009E7629: SetRectEmpty.USER32(?), ref: 009E767D
                                                                                                                                                                                                                                                • Part of subcall function 009E7629: IsRectEmpty.USER32(?), ref: 009E7687
                                                                                                                                                                                                                                                • Part of subcall function 009E7629: SetRectEmpty.USER32(?), ref: 009E76E3
                                                                                                                                                                                                                                                • Part of subcall function 009E7629: SetRectEmpty.USER32(00000001), ref: 009E76EC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Empty$Offset$Window$CursorH_prolog3H_prolog3_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 359163869-0
                                                                                                                                                                                                                                              • Opcode ID: 0dc83652c5f90bd75ddb8dfa800305208ce1e405c75772468767b241e50dd638
                                                                                                                                                                                                                                              • Instruction ID: 7f45295d1fc2ea2d663edd32f15119c8231a23a44a3ffdc07778e6400648b549
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0dc83652c5f90bd75ddb8dfa800305208ce1e405c75772468767b241e50dd638
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DE19E31A04605DFCF16CFE5C888AADBBBAFF88310F144069E805AB255EB35AD02CF51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 009556A2
                                                                                                                                                                                                                                              • GetIconInfo.USER32(?,?), ref: 00955743
                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00955752
                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00955781
                                                                                                                                                                                                                                              • CopyImage.USER32(?,00000000,00000000,00000000,00002000), ref: 0095579D
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 009557B2
                                                                                                                                                                                                                                              • FillRect.USER32(?,?,?), ref: 009557F5
                                                                                                                                                                                                                                              • DrawIconEx.USER32(?,00000000,00000000,?,?,?,00000000,00000000,00000003), ref: 00955816
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00955827
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00955830
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00955845
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0095584E
                                                                                                                                                                                                                                              • DestroyCursor.USER32(?), ref: 009558A1
                                                                                                                                                                                                                                              • DestroyCursor.USER32(?), ref: 009558AE
                                                                                                                                                                                                                                              • DestroyCursor.USER32(?), ref: 009558B9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$CursorDeleteDestroy$IconSelect$CompatibleCopyCreateDrawFillH_prolog3_ImageInfoRect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 233185908-0
                                                                                                                                                                                                                                              • Opcode ID: 21b741737bf9c632947c12174ac3e2755329513cd4ff0298b995f80999e9dcd8
                                                                                                                                                                                                                                              • Instruction ID: 824693632656822bb67fb1654281977bae28d7427a72ad52f919c2b57a682562
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21b741737bf9c632947c12174ac3e2755329513cd4ff0298b995f80999e9dcd8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC617771E00609DFDB14DFA4C855AAEBBB9FF08311F158129F801A7262DB309D05CF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 009514A1
                                                                                                                                                                                                                                                • Part of subcall function 0095382D: __EH_prolog3.LIBCMT ref: 00953834
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3
                                                                                                                                                                                                                                              • String ID: MFCButton$MFCColorButton$MFCEditBrowse$MFCFontComboBox$MFCLink$MFCMaskedEdit$MFCMenuButton$MFCPropertyGrid$MFCShellList$MFCShellTree$MFCVSListBox
                                                                                                                                                                                                                                              • API String ID: 431132790-2110171958
                                                                                                                                                                                                                                              • Opcode ID: 3c7a9bcef1881b88cd7cf1cb74bd2f2f4d463776fea712f130d53ab79b29b108
                                                                                                                                                                                                                                              • Instruction ID: 03e852efdb8b3fb21c128f1711f982ee998ecb5699124f79e6056d66389bdc86
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c7a9bcef1881b88cd7cf1cb74bd2f2f4d463776fea712f130d53ab79b29b108
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF610735A09316E9DF04F7FAE9067AE63E85F49351F24046EB841E72C2DF748A09CB15
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0096B45C
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0096B47E
                                                                                                                                                                                                                                              • IntersectRect.USER32(?,?,?), ref: 0096B4F6
                                                                                                                                                                                                                                              • IntersectRect.USER32(?,?,?), ref: 0096B59A
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0096B5D8
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0096B5EA
                                                                                                                                                                                                                                              • SelectObject.GDI32(?), ref: 0096B607
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0096B620
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0096B63F
                                                                                                                                                                                                                                              • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,?,?), ref: 0096B6B1
                                                                                                                                                                                                                                              • StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,00CC0020), ref: 0096B6F9
                                                                                                                                                                                                                                              • SelectObject.GDI32(?), ref: 0096B70B
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 0096B78A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Empty$IntersectObjectSelect$AlphaBlendStretch
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3434778532-0
                                                                                                                                                                                                                                              • Opcode ID: fd97614412adf81ec29b146077a577d5e22c686af206131596e303c203fa6e83
                                                                                                                                                                                                                                              • Instruction ID: d2bcfb09f2f50a583aced5bcc2635aa5577c0b4c543a969b47157fb48b14f59f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd97614412adf81ec29b146077a577d5e22c686af206131596e303c203fa6e83
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77D1C372A0060AAFCF15CFA8C9849EEBBB9FF48314F154519F916E7210EB34E985CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0098416C
                                                                                                                                                                                                                                              • SetCursor.USER32(?,00000048,00983FEF), ref: 0098420B
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: __EH_prolog3.LIBCMT ref: 0093FC2C
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: GetDC.USER32(00000000), ref: 0093FC58
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: __EH_prolog3_GS.LIBCMT ref: 00949D0D
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: CreateRectRgnIndirect.GDI32(?), ref: 00949D47
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: CopyRect.USER32(?,?), ref: 00949D5B
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: InflateRect.USER32(?,?,?), ref: 00949D71
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: IntersectRect.USER32(?,?,?), ref: 00949D7D
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: CreateRectRgnIndirect.GDI32(?), ref: 00949D87
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00949D9C
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: CombineRgn.GDI32(?,?,?,00000003), ref: 00949DB6
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00949E01
                                                                                                                                                                                                                                                • Part of subcall function 00949D06: SetRectRgn.GDI32(?,?,00000004,?,?), ref: 00949E1E
                                                                                                                                                                                                                                                • Part of subcall function 0093FD98: ReleaseDC.USER32(?,00000000), ref: 0093FDCC
                                                                                                                                                                                                                                              • GetFocus.USER32 ref: 009842A2
                                                                                                                                                                                                                                              • SetTimer.USER32(?,0000EC07,000001F4,00000000), ref: 00984393
                                                                                                                                                                                                                                              • TrackMouseEvent.USER32(?,?,00000000), ref: 009843CA
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000362,0000E001,00000000), ref: 00984450
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,?,00000001,?), ref: 00984584
                                                                                                                                                                                                                                              • InflateRect.USER32(?,00000000,?), ref: 009845CA
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,?,00000000,00000401), ref: 009845DD
                                                                                                                                                                                                                                              • KillTimer.USER32(?,0000EC07), ref: 0098466C
                                                                                                                                                                                                                                              • SetTimer.USER32(?,0000EC07,000001F4,00000000), ref: 0098468A
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 009846B3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Create$Timer$H_prolog3_IndirectInflateWindow$CombineCopyCursorEventFocusH_prolog3IntersectInvalidateKillMessageMouseRedrawReleaseSendTrackUpdate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 487985220-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCapture.USER32 ref: 0095E8BC
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 0095E8C6
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0095E8E0
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000015), ref: 0095E901
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000015), ref: 0095E929
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 0095E969
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 0095E99D
                                                                                                                                                                                                                                              • GetCapture.USER32 ref: 0095E9C5
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 0095E9CF
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0095E9E9
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0095EA3F
                                                                                                                                                                                                                                                • Part of subcall function 00960775: __EH_prolog3_GS.LIBCMT ref: 0096077C
                                                                                                                                                                                                                                                • Part of subcall function 00960775: IsRectEmpty.USER32(?), ref: 00960797
                                                                                                                                                                                                                                                • Part of subcall function 00960775: InvertRect.USER32(?,?), ref: 009607AD
                                                                                                                                                                                                                                                • Part of subcall function 00960775: SetRectEmpty.USER32(?), ref: 009607BA
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Capture$ClientEmptyMessageMetricsReleaseSendSystem$H_prolog3_InvertRedrawWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 174338775-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0095A0A0
                                                                                                                                                                                                                                                • Part of subcall function 0093CFA6: GetWindowLongW.USER32(?,000000F0), ref: 0093CFB3
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0095A0E3
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0095A224
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 0095A288
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0095A2A3
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C2,00000001,00000000), ref: 0095A1E4
                                                                                                                                                                                                                                                • Part of subcall function 0095B097: SendMessageW.USER32(?,000000B1,0000002E,000000FF), ref: 0095B0AB
                                                                                                                                                                                                                                                • Part of subcall function 0095B097: SendMessageW.USER32(?,000000B7,00000000,00000000), ref: 0095B0C3
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Send$BeepH_prolog3LongWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 29510489-0
                                                                                                                                                                                                                                              • Opcode ID: 20dc04cf980c25a074a202573d530cae786676885dd40c33368458c594c2a4f9
                                                                                                                                                                                                                                              • Instruction ID: c0c53f0924e2079e50f4f711c4865c56979ac7b435b5c10639b0b7bca8d82b81
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20dc04cf980c25a074a202573d530cae786676885dd40c33368458c594c2a4f9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73C16C71A0011AAFCF15DBE1C895EFEB7B9BF48311F104215F822A7291DB74AD09CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RealizePalette.GDI32(?), ref: 009562D8
                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 009563DA
                                                                                                                                                                                                                                                • Part of subcall function 00956A87: __EH_prolog3.LIBCMT ref: 00956A8E
                                                                                                                                                                                                                                                • Part of subcall function 00956A87: GetSystemPaletteEntries.GDI32(?,00000000,00000100,00000004), ref: 00956B05
                                                                                                                                                                                                                                                • Part of subcall function 00956A87: CreatePalette.GDI32(00000000), ref: 00956B52
                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 00956405
                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 00956430
                                                                                                                                                                                                                                              • GetNearestPaletteIndex.GDI32(?,?), ref: 0095645F
                                                                                                                                                                                                                                              • FillRect.USER32(?,?,?), ref: 00956481
                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 009564A8
                                                                                                                                                                                                                                              • FillRect.USER32(?,?,-00000098), ref: 00956522
                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0095656F
                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0095663D
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Inflate$Palette$Fill$CreateEntriesH_prolog3IndexNearestRealizeSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1028858568-0
                                                                                                                                                                                                                                              • Opcode ID: d7170cee20426e44e8b53ff81fbe3a25fd184fd1e74bdf1fa69f12155544d0ed
                                                                                                                                                                                                                                              • Instruction ID: b38d8ed79520b5b13227016695c466e64b706a0ab5aec1aff7daac2c907947c1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7170cee20426e44e8b53ff81fbe3a25fd184fd1e74bdf1fa69f12155544d0ed
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7D16F719001189FCF01EFA9C945FAEB7BABF49321F144255F815AB2A1DB71AD0ACF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009E203F
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,00000000), ref: 009E2096
                                                                                                                                                                                                                                              • CopyRect.USER32(00000000,?), ref: 009E20AE
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E219C
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E21CD
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E2209
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E2237
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E2297
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E22D4
                                                                                                                                                                                                                                              • PtInRect.USER32(?,00000000,?), ref: 009E231B
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$CopyParentWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 642869531-0
                                                                                                                                                                                                                                              • Opcode ID: 51164966153f44410d70400baecf096fa30e56cef0d1890815d8dda21466c487
                                                                                                                                                                                                                                              • Instruction ID: 4d0f7a4f1fc6bbedd302478f50d7bd16af004a9ef298a9b19dfc1a86301a2444
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51164966153f44410d70400baecf096fa30e56cef0d1890815d8dda21466c487
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95B1C472E002599FCF16CFA9C948AEEBBF9AF08310F14416AE919E7250D7349E45CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,0000420F,00000001), ref: 0097F93E
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,0000420E,00000001), ref: 0097F959
                                                                                                                                                                                                                                              • CheckMenuItem.USER32(?,00004212,00000008), ref: 0097F97A
                                                                                                                                                                                                                                              • CheckMenuItem.USER32(?,00004213,00000008), ref: 0097F99E
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,00004212,00000001), ref: 0097F9BA
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,00004212,00000001), ref: 0097F9E9
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,00004213,00000001), ref: 0097F9F8
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,00004214,00000001), ref: 0097FA07
                                                                                                                                                                                                                                              • EnableMenuItem.USER32(?,00004215,00000001), ref: 0097FA57
                                                                                                                                                                                                                                              • CheckMenuItem.USER32(?,00004215,00000008), ref: 0097FA6F
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ItemMenu$Enable$Check
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1852492618-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0096077C
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: __EH_prolog3.LIBCMT ref: 0093FC2C
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: GetDC.USER32(00000000), ref: 0093FC58
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 00960797
                                                                                                                                                                                                                                              • InvertRect.USER32(?,?), ref: 009607AD
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 009607BA
                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,00000000), ref: 00960807
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000015), ref: 00960825
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000015), ref: 0096084B
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 0096088C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 009608BC
                                                                                                                                                                                                                                              • InvertRect.USER32(?,?), ref: 009608C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$EmptyInvertMessageMetricsSendSystem$ClientH_prolog3H_prolog3_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3401445556-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104B,00000000,?), ref: 00961581
                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0096163D
                                                                                                                                                                                                                                              • GetMenuDefaultItem.USER32(?,00000000,00000000), ref: 0096167C
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009616A6
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009616FA
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0096170D
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,?,00000000,00000000), ref: 00961727
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Parent$MenuMessageSend$CreateDefaultItemPopup
                                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                                              • API String ID: 3883924376-3993045852
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(Comctl32.dll), ref: 009397EE
                                                                                                                                                                                                                                                • Part of subcall function 009395B4: GetProcAddress.KERNEL32(?,?), ref: 009395E2
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00939708
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(0000006F), ref: 0093971C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00939773
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
                                                                                                                                                                                                                                              • String ID: $@$Comctl32.dll$GetModuleHandleExW
                                                                                                                                                                                                                                              • API String ID: 3640817601-4183358198
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTickCount64.KERNEL32 ref: 00932220
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 009322FB
                                                                                                                                                                                                                                              • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00932313
                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00932327
                                                                                                                                                                                                                                              • RegSetValueW.ADVAPI32(?,00ACEE74,00000001,?,?), ref: 00932359
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00932365
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • 3BC72742-A345-A4E4-61BC-197C285C1019, xrefs: 009322F0
                                                                                                                                                                                                                                              • SOFTWARE\Classes\CLSID\{%ws}, xrefs: 009322F5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: wsprintf$CloseCount64CreateHandleTickValue
                                                                                                                                                                                                                                              • String ID: 3BC72742-A345-A4E4-61BC-197C285C1019$SOFTWARE\Classes\CLSID\{%ws}
                                                                                                                                                                                                                                              • API String ID: 100201662-1930758478
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00AF293C,?,?,?,00985BC5,00000001), ref: 00A101C6
                                                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000,000000FF), ref: 00A101F7
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AF293C), ref: 00A1020D
                                                                                                                                                                                                                                              • PlaySoundW.WINMM(MenuCommand,00000000,00012002), ref: 00A1025D
                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000005,?,00AF293C,?,?,?,?,00985BC5,00000001), ref: 00A10288
                                                                                                                                                                                                                                              • PlaySoundW.WINMM(00000000,00000000,00000040), ref: 00A1029D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalPlaySectionSound$EnterLeavePrioritySleepThread
                                                                                                                                                                                                                                              • String ID: MenuCommand$MenuPopup
                                                                                                                                                                                                                                              • API String ID: 2370138168-2036262055
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00A150FC
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: EnterCriticalSection.KERNEL32(00AEF478,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6CD
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: InitializeCriticalSection.KERNEL32(00000000,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6E3
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: LeaveCriticalSection.KERNEL32(00AEF478,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6F1
                                                                                                                                                                                                                                                • Part of subcall function 0093C69C: EnterCriticalSection.KERNEL32(00000000,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6FE
                                                                                                                                                                                                                                              • GetProfileIntW.KERNEL32(windows,DragScrollInset,0000000B), ref: 00A15147
                                                                                                                                                                                                                                              • GetProfileIntW.KERNEL32(windows,DragScrollDelay,00000032), ref: 00A1515A
                                                                                                                                                                                                                                              • GetProfileIntW.KERNEL32(windows,DragScrollInterval,00000032), ref: 00A1516D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$Profile$Enter$H_prolog3InitializeLeave
                                                                                                                                                                                                                                              • String ID: DragScrollDelay$DragScrollInset$DragScrollInterval$windows
                                                                                                                                                                                                                                              • API String ID: 4229786687-1024936294
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00959872
                                                                                                                                                                                                                                              • SendMessageW.USER32(000000FF,000000B0,000000FF,?), ref: 0095988C
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 00959ABE
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000001,000000C2,00000001,00000001), ref: 00959A7C
                                                                                                                                                                                                                                                • Part of subcall function 0094F22D: CoInitialize.OLE32(00000000), ref: 0094F27D
                                                                                                                                                                                                                                                • Part of subcall function 0094F22D: CoCreateInstance.OLE32(00ACDE80,00000000,00000001,00AA0B80,?,?,?,?,80070057), ref: 0094F29F
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 00959C80
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$BeepSend$CreateH_prolog3InitializeInstance
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1592277836-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 00960111
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,?,00000001), ref: 0096016D
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,?,00000001), ref: 0096017C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Invalidate$Empty
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1126320529-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00937E56,00937E58,00000000,00000000,113E2069,00000000,00000000,?,Function_0013E8D0,00AE5618,000000FE,?,00937E56,WQL), ref: 00A6D149
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00937E56,?,00000000,00000000,?,Function_0013E8D0,00AE5618,000000FE,?,00937E56), ref: 00A6D1C4
                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00A6D1CF
                                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 00A6D1F8
                                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 00A6D202
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(80070057,113E2069,00000000,00000000,?,Function_0013E8D0,00AE5618,000000FE,?,00937E56,WQL), ref: 00A6D207
                                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 00A6D21A
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,Function_0013E8D0,00AE5618,000000FE,?,00937E56,WQL), ref: 00A6D230
                                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 00A6D243
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1353541977-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 009431CB
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000000,00000000,00000080), ref: 00943212
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000000,00000000,?), ref: 0094323E
                                                                                                                                                                                                                                              • ValidateRect.USER32(?,00000000), ref: 00943251
                                                                                                                                                                                                                                                • Part of subcall function 0094AD06: GetClientRect.USER32(?,?), ref: 0094AD70
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 009432C9
                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 009432D6
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000000,00000000,?), ref: 0094330C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000000,00000000), ref: 0094332E
                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 00943346
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Rect$ClientPaint$BeginH_prolog3_Validate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3883544035-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00938873
                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(?), ref: 009388B9
                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(?), ref: 009388C5
                                                                                                                                                                                                                                              • GetSubMenu.USER32(?,-00000001), ref: 009388DC
                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 009388EF
                                                                                                                                                                                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 00938900
                                                                                                                                                                                                                                              • RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,?,?,?,113E2069,00AD86F0,0000000C,00000004,00937AF8,?), ref: 0093891A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Menu$CountItem$H_prolog3Remove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3061525546-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,00000000,00000000,?,?,0096C66D,00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C685
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,0096C66D,00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C69A
                                                                                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,00000000,00000000), ref: 0096C6BE
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00AF1440), ref: 0096C6D9
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AF1440,00000000), ref: 0096C749
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0096C750
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0096C757
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,0096C66D,00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C763
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0096C76A
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$CriticalFreeSectionUnlock$AllocCreateEnterLeaveLockStream
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3041472133-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0096BAEF: GdipGetImagePixelFormat.GDIPLUS(?,?,00000000,00000000,?,0096A654,113E2069,00000000,00000000,?), ref: 0096BAFD
                                                                                                                                                                                                                                                • Part of subcall function 0096BAA7: GdipGetImagePalette.GDIPLUS(?,00000000,00000000,?,?,0096A773,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,113E2069), ref: 0096BAB6
                                                                                                                                                                                                                                              • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,00000000,00000000,00000000,?,00000000,00000000,00000000,113E2069,00000000,00000000,?), ref: 0096A868
                                                                                                                                                                                                                                              • GdipBitmapUnlockBits.GDIPLUS(?,00000000,?,?,00000001,?,00000000,00000000,00000000,?,00000000,00000000,00000000,113E2069,00000000,00000000), ref: 0096A918
                                                                                                                                                                                                                                              • GdipDrawImageI.GDIPLUS(?,00000000,00000000,00000000,?,?,00000082,?,00022009,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0096A96A
                                                                                                                                                                                                                                              • GdipDeleteGraphics.GDIPLUS(?,?,00000000,00000000,00000000,?,?,00000082,?,00022009,00000000,00000000,00000000,?,00000000,00000000), ref: 0096A975
                                                                                                                                                                                                                                              • GdipDisposeImage.GDIPLUS(?,?,?,00000000,00000000,00000000,?,?,00000082,?,00022009,00000000,00000000,00000000,?,00000000), ref: 0096A980
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Gdip$Image$BitmapBits$DeleteDisposeDrawFormatGraphicsLockPalettePixelUnlock
                                                                                                                                                                                                                                              • String ID: &$ &
                                                                                                                                                                                                                                              • API String ID: 1665940520-360661826
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll), ref: 009443E0
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetGestureInfo), ref: 00944415
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CloseGestureInfoHandle), ref: 0094443D
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 009444CD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressProc$ClientHandleModuleScreen
                                                                                                                                                                                                                                              • String ID: CloseGestureInfoHandle$GetGestureInfo$user32.dll
                                                                                                                                                                                                                                              • API String ID: 471820996-2905070798
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CheckMenuItem.USER32(?,?,00000000), ref: 00949459
                                                                                                                                                                                                                                                • Part of subcall function 0093D4AA: GetWindowTextW.USER32(00000000,?,00000100), ref: 0093D508
                                                                                                                                                                                                                                                • Part of subcall function 0093D4AA: lstrcmpW.KERNEL32(?,0093CD3B), ref: 0093D51A
                                                                                                                                                                                                                                                • Part of subcall function 0093D4AA: SetWindowTextW.USER32(00000000,0093CD3B), ref: 0093D526
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000087,00000000,00000000), ref: 00949474
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,?,00000000), ref: 00949491
                                                                                                                                                                                                                                              • SetMenuItemBitmaps.USER32(?,?,00000400,00000000,00000000), ref: 009494FE
                                                                                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0094954E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ItemMenu$MessageSendTextWindow$BitmapsCheckInfolstrcmp
                                                                                                                                                                                                                                              • String ID: 0$@
                                                                                                                                                                                                                                              • API String ID: 72408025-1545510068
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000004,?), ref: 009632AE
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009632E8
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,00008001,?), ref: 0096332A
                                                                                                                                                                                                                                                • Part of subcall function 00962C13: __EH_prolog3.LIBCMT ref: 00962C1A
                                                                                                                                                                                                                                                • Part of subcall function 00962C13: SendMessageW.USER32(?,0000113E,00000000,?), ref: 00962C5C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0096336E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$H_prolog3
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 1885053084-2766056989
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0095C1F8
                                                                                                                                                                                                                                                • Part of subcall function 0095C872: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0095C87B
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 0095C25E
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000D4,00000000,00000000), ref: 0095C26F
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 0095C297
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000D4,00000000,00000000), ref: 0095C2A3
                                                                                                                                                                                                                                              • Concurrency::details::ExternalContextBase::~ExternalContextBase.LIBCONCRT ref: 0095C2C3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$ContextExternal$BaseBase::~Concurrency::details::H_prolog3_
                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                              • API String ID: 1047725533-2564639436
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 0094C35E
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DrawThemeTextEx), ref: 0094C36E
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C377
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C385
                                                                                                                                                                                                                                              • DrawThemeText.UXTHEME(?,?,?,?,?,?,?,00000000,?), ref: 0094C3D2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeDrawEncodeHandleModuleProcTextTheme
                                                                                                                                                                                                                                              • String ID: DrawThemeTextEx$uxtheme.dll
                                                                                                                                                                                                                                              • API String ID: 1727381832-3035683158
                                                                                                                                                                                                                                              • Opcode ID: d8c865305a8292f955abaecd76e5d0d61829f681a1370cbec5c1bcfdf4823b08
                                                                                                                                                                                                                                              • Instruction ID: 555afb33fbc9b28e62dcfee8bf944e2e0bbf163f9bd4e96cc3302e2ed7b9e5be
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8c865305a8292f955abaecd76e5d0d61829f681a1370cbec5c1bcfdf4823b08
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4211BA3214161AFFCF029FE0DD08DEE7FA6FB18765B048515FE05A1160DB36D821AB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00972473
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00972480
                                                                                                                                                                                                                                                • Part of subcall function 009723E6: GetParent.USER32(?), ref: 009723FB
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009724CC
                                                                                                                                                                                                                                              • IntersectRect.USER32(?,?,?), ref: 009724DE
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 00972551
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00972598
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 009725A8
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00972704
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Window$CursorIntersectParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1143452425-0
                                                                                                                                                                                                                                              • Opcode ID: 70a262d2ad268bee3415f5cf4a9efcad762fd10ebd091a19a8a9a3d33ac9f6f1
                                                                                                                                                                                                                                              • Instruction ID: ac2c1e99ef328cad757ff175f0c2d6be74fa02cd397ce661b72a4e88271763fb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70a262d2ad268bee3415f5cf4a9efcad762fd10ebd091a19a8a9a3d33ac9f6f1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06C1D472E1060ADFCF04DFE9D9849EDBBB5FF48300F24806AE419E6254DB34AA56CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CaptureDestroyEmptyMessageParentPointsRectReleaseSendVisible
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3509494761-0
                                                                                                                                                                                                                                              • Opcode ID: e04fdd4bffb9ac5cd164a60fc1a3b746664e2a7d98002281b6b111d20b8a6ab4
                                                                                                                                                                                                                                              • Instruction ID: 283b208c28959f67f31667087afc55ddacdb1386f638e09976fe36b78a7527d7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e04fdd4bffb9ac5cd164a60fc1a3b746664e2a7d98002281b6b111d20b8a6ab4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF51A0327006159BDF11DFA0CC99BBA37A9AF45710F048079EC0A9F2A6CF349E02DB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFocus.USER32 ref: 009655B5
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 009655FC
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 0096563A
                                                                                                                                                                                                                                              • SetCapture.USER32(?), ref: 00965660
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00965698
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 009656B7
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000044), ref: 009656EA
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000045), ref: 00965708
                                                                                                                                                                                                                                                • Part of subcall function 00964656: SendMessageW.USER32(00000000,00001018,00000000,00000000), ref: 00964662
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CaptureClientMessageMetricsScreenSendSystem$FocusRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3871486171-0
                                                                                                                                                                                                                                              • Opcode ID: 1b259b6f524a253926099a5d078ac909facc5afb3a5da55b4bc83a2699539919
                                                                                                                                                                                                                                              • Instruction ID: 6dfd13d4accf287c4e0aa9b6a0c8087a5d591cff45086d34771c4ffd05fa0373
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b259b6f524a253926099a5d078ac909facc5afb3a5da55b4bc83a2699539919
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED51A775A00A09EFCB19DFB4C949ADDBBB5FF04310F114259E526972A0DB70AE11CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0096D668
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00AF1440,00000018,00998873,?,?,?,00000000,?,?,?,?), ref: 0096D686
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000018), ref: 0096D6D3
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AF1440,?), ref: 0096D6F0
                                                                                                                                                                                                                                              • CreateBitmap.GDI32(?,-00000002,00000001,00000001,00000000), ref: 0096D718
                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000), ref: 0096D727
                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 0096D7B1
                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,-00000002), ref: 0096D7D1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Create$BitmapCompatibleCriticalObjectSectionSelect$EnterH_prolog3Leave
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4255533662-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0095B8AF
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0095B8F2
                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(?,00000180,?,?,00000000,?,00000000), ref: 0095B94D
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0095B95C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000111,?,?), ref: 0095B98E
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 0095B9AE
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 0095B9B7
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 0095B9C6
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$InvalidateWindow$CaptureMenuMessageParentPopupReleaseSendTrackUpdate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2465089168-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 009DB025
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009DB03C
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 009DB080
                                                                                                                                                                                                                                              • MapWindowPoints.USER32(?,?,?,00000002), ref: 009DB092
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 009DB0A2
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 009DB0CF
                                                                                                                                                                                                                                              • MapWindowPoints.USER32(?,?,?,00000002), ref: 009DB0E1
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 009DB0F1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Client$PointsWindow$ParentScreen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1944725958-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(?,?,?), ref: 0093D771
                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 0093D78C
                                                                                                                                                                                                                                              • GetWindow.USER32(?,00000005), ref: 0093D795
                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(00000000), ref: 0093D7A5
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0093D7B5
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0093D7D3
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 0093D7E3
                                                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000002), ref: 0093D7F2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Rect$ChildClientCtrlFromLongPointRealScreen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 151369081-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0094822C
                                                                                                                                                                                                                                              • lstrcmpW.KERNEL32(00000000,?), ref: 00948245
                                                                                                                                                                                                                                              • OpenPrinterW.WINSPOOL.DRV(?,?,00000000), ref: 0094825A
                                                                                                                                                                                                                                              • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0094827A
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00948282
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00948290
                                                                                                                                                                                                                                              • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 009482A1
                                                                                                                                                                                                                                              • ClosePrinter.WINSPOOL.DRV(?), ref: 009482B9
                                                                                                                                                                                                                                                • Part of subcall function 0093D477: GlobalFlags.KERNEL32(?), ref: 0093D484
                                                                                                                                                                                                                                                • Part of subcall function 0093D477: GlobalUnlock.KERNEL32(?,?,?,?,?,?,0093B59F,?,113E2069), ref: 0093D492
                                                                                                                                                                                                                                                • Part of subcall function 0093D477: GlobalFree.KERNEL32(?), ref: 0093D49E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 168474834-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0099B5E1
                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000007), ref: 0099B64A
                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0099B680
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 0099B6DA
                                                                                                                                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00000007,?,?,00CC0020), ref: 0099B702
                                                                                                                                                                                                                                              • BitBlt.GDI32(00000007,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0099B8CF
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0099B8E6
                                                                                                                                                                                                                                                • Part of subcall function 0096B9E3: FillRect.USER32(?,?,-000000A8), ref: 0096B9FF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CompatibleCreateObject$BitmapDeleteFillH_prolog3RectSelect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3910664508-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 009641E5
                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,00000000), ref: 00964238
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: __EH_prolog3.LIBCMT ref: 0093FC2C
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: GetDC.USER32(00000000), ref: 0093FC58
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 00964281
                                                                                                                                                                                                                                              • GetParent.USER32(00000000), ref: 0096428C
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 009642B2
                                                                                                                                                                                                                                              • GetTextMetricsW.GDI32(?,?), ref: 009642D2
                                                                                                                                                                                                                                                • Part of subcall function 00940F35: SelectObject.GDI32(?,00000000), ref: 00940F55
                                                                                                                                                                                                                                                • Part of subcall function 00940F35: SelectObject.GDI32(?,00000000), ref: 00940F6B
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 009643B7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3MessageObjectSelectSend$ClientH_prolog3_MetricsParentRectText
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3349635734-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002000), ref: 0096C870
                                                                                                                                                                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0096C88B
                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0096C898
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0096C918
                                                                                                                                                                                                                                                • Part of subcall function 0096D59B: GetObjectW.GDI32(?,00000054,?), ref: 0096D5B5
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0096C78C
                                                                                                                                                                                                                                                • Part of subcall function 0093D451: DeleteObject.GDI32(?), ref: 0093D463
                                                                                                                                                                                                                                                • Part of subcall function 0096C614: FindResourceW.KERNEL32(00000000,?,PNG,?,?,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C636
                                                                                                                                                                                                                                                • Part of subcall function 0096C614: LoadResource.KERNEL32(00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C644
                                                                                                                                                                                                                                                • Part of subcall function 0096C614: LockResource.KERNEL32(00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C64F
                                                                                                                                                                                                                                                • Part of subcall function 0096C614: SizeofResource.KERNEL32(00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C65D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$Resource$Delete$Load$FindH_prolog3ImageLockSizeof
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1337615151-3916222277
                                                                                                                                                                                                                                              • Opcode ID: 16f37e33f8b884d5231e8f98ef27641ffd38bc89989424c04afd895df3793532
                                                                                                                                                                                                                                              • Instruction ID: 1262bf3240ae447cc7bbf96574f1954187d72853b69b9a07fa41b7f34af1e2b5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16f37e33f8b884d5231e8f98ef27641ffd38bc89989424c04afd895df3793532
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E516BB190161AEFDF14EFA0C895BFDB779BF44304F408529F895A7291DB30AA54CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00969586
                                                                                                                                                                                                                                                • Part of subcall function 0093FD2D: __EH_prolog3.LIBCMT ref: 0093FD34
                                                                                                                                                                                                                                                • Part of subcall function 0093FD2D: GetWindowDC.USER32(00000000,00000004,00968286,00000000), ref: 0093FD60
                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 009695BE
                                                                                                                                                                                                                                              • CreateDIBSection.GDI32(?,00000028,00000000,?,00000000,00000000), ref: 00969647
                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(?,00000000,?), ref: 00969661
                                                                                                                                                                                                                                                • Part of subcall function 00940ED6: SelectObject.GDI32(?,?), ref: 00940EDF
                                                                                                                                                                                                                                              • FillRect.USER32(?,00000000,-00000098), ref: 009696AC
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Create$Compatible$BitmapFillH_prolog3H_prolog3_ObjectRectSectionSelectWindow
                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                              • API String ID: 2680359821-3887548279
                                                                                                                                                                                                                                              • Opcode ID: 9a664987769b43346d4dca9037c4a5d123b01ee68567e5e0009ab9bcfe714e0d
                                                                                                                                                                                                                                              • Instruction ID: 15e7b2225ea85283a26002b5be5fc9eb404e9de84261fec181860a799f85c0b5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a664987769b43346d4dca9037c4a5d123b01ee68567e5e0009ab9bcfe714e0d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C051F2B1D10218AFDF15DFE5C949BAEBBB9FF44310F10812AE406AB291DB749A49CF10
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00971815
                                                                                                                                                                                                                                              • CopyRect.USER32(?,?), ref: 009718C3
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009718DB
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009718F3
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 00971908
                                                                                                                                                                                                                                                • Part of subcall function 00967BDB: __EH_prolog3.LIBCMT ref: 00967BE2
                                                                                                                                                                                                                                                • Part of subcall function 00967BDB: LoadCursorW.USER32(00000000,00007F00), ref: 00967C06
                                                                                                                                                                                                                                                • Part of subcall function 00967BDB: GetClassInfoW.USER32(?,?,?), ref: 00967C41
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Empty$ClassCopyCursorH_prolog3H_prolog3_InfoLoad
                                                                                                                                                                                                                                              • String ID: Afx:ControlBar
                                                                                                                                                                                                                                              • API String ID: 685170547-4244778371
                                                                                                                                                                                                                                              • Opcode ID: c19a987cbd2a9f290d0bdb3b42eb928dbd9a2a5067d63273f401a6bacc667e80
                                                                                                                                                                                                                                              • Instruction ID: 9d1e79a9ac3cb305faeb347c43bc38b9b09dbc0aaeeb38e3c35fa17fa9a07b98
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c19a987cbd2a9f290d0bdb3b42eb928dbd9a2a5067d63273f401a6bacc667e80
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2415B72A002099BCF05DFA4D894AEEB7F9BF89340F044069FD09BB251DB75AD05CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00A6E907
                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00A6E90F
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00A6E998
                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00A6E9C3
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00A6EA18
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                              • Opcode ID: ec75d17d0ecb2cbd57285f6c824947ce431ea0f06d431486f9426eea0cd3c159
                                                                                                                                                                                                                                              • Instruction ID: 7bb887c85c142ca495c6a27b4073d5b74707205a8a79d79680f063d1afe261ec
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec75d17d0ecb2cbd57285f6c824947ce431ea0f06d431486f9426eea0cd3c159
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6941A139A00208ABCF10EF6CC881A9EBFB5BF44324F14C555E8199B392D731AE16CF91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,?), ref: 00963126
                                                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000208), ref: 00963189
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 009631C6
                                                                                                                                                                                                                                                • Part of subcall function 00951B31: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 00951B46
                                                                                                                                                                                                                                                • Part of subcall function 0099D57E: __EH_prolog3.LIBCMT ref: 0099D585
                                                                                                                                                                                                                                                • Part of subcall function 0099D5F6: __EH_prolog3.LIBCMT ref: 0099D5FD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3$FileInfo$ByteCharMultiWide
                                                                                                                                                                                                                                              • String ID: ???$MFCShellTreeCtrl_EnableShellContextMenu$TRUE
                                                                                                                                                                                                                                              • API String ID: 1362241028-3649263699
                                                                                                                                                                                                                                              • Opcode ID: 3293edbece1e3f1d96a80fe8ba3256d58ae17bb7b2e0dd769634cc0cd5048776
                                                                                                                                                                                                                                              • Instruction ID: e1766f22b65497dad75a2b4620bfbb90a4c2c64c49abeeb13795c24465d5206d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3293edbece1e3f1d96a80fe8ba3256d58ae17bb7b2e0dd769634cc0cd5048776
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5418130A10219ABDB14EFA4CD5AFFEB7B8AF54704F508469B415AB1D1DF34AE05CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000407,00000000,?), ref: 00955323
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 00955347
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000111,?,?), ref: 00955374
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 00955393
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00955401
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0095540A
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F4), ref: 0095541E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Parent$MessageSendWindow$LongRedraw
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4271267155-0
                                                                                                                                                                                                                                              • Opcode ID: cf4caac3c073aaae5f8fe86a144b75e52099844fb507e00f8a476dae4834e7a9
                                                                                                                                                                                                                                              • Instruction ID: 485ad0190d8796fa3d67c93260184f7f923f1e3698ef28d6ef20fca7b616999b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf4caac3c073aaae5f8fe86a144b75e52099844fb507e00f8a476dae4834e7a9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A317332600A11EBDB25DB76CC68A6ABA6CFF08392F054215F90D96066D7F4D844CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000000,?,00000000), ref: 0093E6C4
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0093E6E0
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00000000), ref: 0093E70D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 0093E71B
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 0093E73A
                                                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(?,?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000), ref: 0093E797
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000), ref: 0093E7B1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$File$PointerRead
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 839530781-0
                                                                                                                                                                                                                                              • Opcode ID: 7a958bc205efb170e335c61f812e3e92c9f0211ebb5716fa1bc770005667a78e
                                                                                                                                                                                                                                              • Instruction ID: 68a039f279f66c786e7b9944ab57d1ae7c566c5604aa56c4c96dd8a696b89d27
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a958bc205efb170e335c61f812e3e92c9f0211ebb5716fa1bc770005667a78e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6317071600618BBCB20AFA1DC09EDFBBADEF44360F108526F919D7650DB70AE11CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 009B2999
                                                                                                                                                                                                                                              • GetKeyboardLayout.USER32(00000000), ref: 009B29D6
                                                                                                                                                                                                                                              • MapVirtualKeyExW.USER32(?,00000000,00000000), ref: 009B29DF
                                                                                                                                                                                                                                              • GetKeyNameTextW.USER32(00000000,?,00000032), ref: 009B2A06
                                                                                                                                                                                                                                              • IsCharLowerW.USER32(?,?,00000000), ref: 009B2A43
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharH_prolog3_KeyboardLayoutLowerNameTextVirtual
                                                                                                                                                                                                                                              • String ID: Pause
                                                                                                                                                                                                                                              • API String ID: 2563161834-375111145
                                                                                                                                                                                                                                              • Opcode ID: c4376de06854aeffe2be8112f7e424ee34b0274ebe965910343e0cc56cea0ed7
                                                                                                                                                                                                                                              • Instruction ID: ae08cf938043203c413bf0e0116c05341bbfb986d72cefaf3491eecf480406bb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4376de06854aeffe2be8112f7e424ee34b0274ebe965910343e0cc56cea0ed7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB319C71D00514AAEB30EBA4DD89EFEB778EF88720F10841AF561A7092EE746941DF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00A090A4
                                                                                                                                                                                                                                                • Part of subcall function 00A08FC2: __EH_prolog3.LIBCMT ref: 00A08FC9
                                                                                                                                                                                                                                                • Part of subcall function 00A08FC2: GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 00A0901C
                                                                                                                                                                                                                                                • Part of subcall function 00A08FC2: GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 00A09032
                                                                                                                                                                                                                                              • CopyRect.USER32(?,?), ref: 00A090D8
                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00A090EA
                                                                                                                                                                                                                                              • SetRect.USER32(?,?,?,?,?), ref: 00A090FD
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 00A09118
                                                                                                                                                                                                                                              • InflateRect.USER32(?,00000002,00000002), ref: 00A0912A
                                                                                                                                                                                                                                              • DoDragDrop.OLE32(00000000,00000000,?,?), ref: 00A09172
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Profile$CopyCursorDragDropEmptyH_prolog3H_prolog3_Inflate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1837043813-0
                                                                                                                                                                                                                                              • Opcode ID: 613da6c750aaf9b0641e7a7d1bce1b56a2742095d8fd7213a1f4359d3381ca26
                                                                                                                                                                                                                                              • Instruction ID: d286ffa398237f285bec2ea03ea7efc023e0540dd85aa1f9a9810437e9d51831
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 613da6c750aaf9b0641e7a7d1bce1b56a2742095d8fd7213a1f4359d3381ca26
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5312D74A01619AFCF01DFE0DD88AAEBBB9FF48350B004019F915AB295CB74AD06CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009420D5
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009420F9
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00942106
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00942113
                                                                                                                                                                                                                                              • EqualRect.USER32(?,?), ref: 0094211E
                                                                                                                                                                                                                                              • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 00942145
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 0094214F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 443303494-0
                                                                                                                                                                                                                                              • Opcode ID: 8de925814a0bb0c57d3198934c825c83827d4880c37ab6e55cf2783175f8704c
                                                                                                                                                                                                                                              • Instruction ID: 7d84ac336561bd9ab35b5aedca94f7cb0eefedfcfb975b0af0808124f014eb59
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8de925814a0bb0c57d3198934c825c83827d4880c37ab6e55cf2783175f8704c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A021C07590061AEFCB10DFE4DD44DAEBBBCFF48710B50451AE515E6250DB30A951CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 0093D612
                                                                                                                                                                                                                                              • GetWindow.USER32(?,00000005), ref: 0093D61B
                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(00000000), ref: 0093D62A
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0093D63A
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0093D658
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 0093D668
                                                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000002), ref: 0093D675
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1315500227-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 0094C1F3
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,BeginBufferedPaint), ref: 0094C203
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C20C
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C21A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                              • String ID: BeginBufferedPaint$uxtheme.dll
                                                                                                                                                                                                                                              • API String ID: 2061474489-1632326970
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(shell32.dll), ref: 0094C6EA
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 0094C6FA
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C703
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C711
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                              • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                                                                                                                                                                              • API String ID: 2061474489-2320870614
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll), ref: 0094C302
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ChangeWindowMessageFilter), ref: 0094C312
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C31B
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C329
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                              • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                                                                                                                                                              • API String ID: 2061474489-2498399450
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 0094C639
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EndBufferedPaint), ref: 0094C649
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C652
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C660
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                              • String ID: EndBufferedPaint$uxtheme.dll
                                                                                                                                                                                                                                              • API String ID: 2061474489-2993015961
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(uxtheme.dll,?,0096745A,?,?,009670A1,113E2069,?,?,?,Function_0015D030,000000FF), ref: 0094C2AA
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,BufferedPaintUnInit), ref: 0094C2BA
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,?,0096745A,?,?,009670A1,113E2069,?,?,?,Function_0015D030,000000FF), ref: 0094C2C3
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000,?,0096745A,?,?,009670A1,113E2069,?,?,?,Function_0015D030,000000FF), ref: 0094C2D1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                              • String ID: BufferedPaintUnInit$uxtheme.dll
                                                                                                                                                                                                                                              • API String ID: 2061474489-1501038116
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(shell32.dll,00000000,00941EFF), ref: 0094C695
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitNetworkAddressControl), ref: 0094C6A5
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C6AE
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000,00000000,00941EFF), ref: 0094C6BC
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                              • String ID: InitNetworkAddressControl$shell32.dll
                                                                                                                                                                                                                                              • API String ID: 2061474489-1950653938
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00954185
                                                                                                                                                                                                                                                • Part of subcall function 00943A5A: GetWindowTextLengthW.USER32(?), ref: 00943A6C
                                                                                                                                                                                                                                                • Part of subcall function 00943A5A: GetWindowTextW.USER32(?,00000000,00000001), ref: 00943A85
                                                                                                                                                                                                                                              • InflateRect.USER32(?,?,?), ref: 009542DC
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 009542E8
                                                                                                                                                                                                                                              • InflateRect.USER32(?,00000000,00000000), ref: 00954396
                                                                                                                                                                                                                                              • OffsetRect.USER32(?,00000001,00000001), ref: 00954458
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0095450E
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$EmptyInflateTextWindow$H_prolog3_LengthOffset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2648887860-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 00A77540
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A7755C
                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 00A77573
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A77591
                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 00A775A8
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A775C6
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1992179935-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CallNextHookEx.USER32(00000000,?,?), ref: 0098850C
                                                                                                                                                                                                                                                • Part of subcall function 009B2D0D: GetKeyboardState.USER32(?), ref: 009B2D27
                                                                                                                                                                                                                                                • Part of subcall function 009B2D0D: GetKeyboardLayout.USER32(?), ref: 009B2D4D
                                                                                                                                                                                                                                                • Part of subcall function 009B2D0D: MapVirtualKeyW.USER32(?,00000000), ref: 009B2D5A
                                                                                                                                                                                                                                                • Part of subcall function 009B2D0D: ToUnicodeEx.USER32(?,00000000,?,?,00000002,00000000,00000000), ref: 009B2D77
                                                                                                                                                                                                                                                • Part of subcall function 009B2F57: GetAsyncKeyState.USER32(00000012), ref: 009B2F79
                                                                                                                                                                                                                                                • Part of subcall function 009B2F57: GetAsyncKeyState.USER32(00000012), ref: 009B2F99
                                                                                                                                                                                                                                              • WindowFromPoint.USER32(?,?), ref: 00988536
                                                                                                                                                                                                                                              • ScreenToClient.USER32(00000020,00000200), ref: 0098856C
                                                                                                                                                                                                                                              • GetParent.USER32(00000020), ref: 009885D3
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 00988639
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000100,00000024,00000000), ref: 00988707
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: State$AsyncKeyboardWindow$CallClientFromHookLayoutMessageNextParentPointScreenSendUnicodeUpdateVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1336928137-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(00000000), ref: 0097D68A
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000040C,00000000,00000000), ref: 0097D6C6
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000041C,00000000,?), ref: 0097D6F9
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 0097D766
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000040B,00000000,?), ref: 0097D7C6
                                                                                                                                                                                                                                              • RedrawWindow.USER32(00000000,00000000,00000000,00000505), ref: 0097D7F5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$EmptyParentRectRedrawWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3879113052-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0095E461
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 0095E4A8
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 0095E4DC
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000201,00000000,00000000), ref: 0095E566
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000202,00000000,00000000), ref: 0095E582
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 0095E5A2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$Rect$Client
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4194289498-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 00975180
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009751A1
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009751C3
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0097526B
                                                                                                                                                                                                                                              • MapWindowPoints.USER32(?,?,?,00000002), ref: 0097527D
                                                                                                                                                                                                                                              • DrawThemeBackground.UXTHEME(?,?,00000000,00000000,?,00000000), ref: 009752A5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Window$BackgroundClientDrawFillParentPointsTheme
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2136005349-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 009581F0
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00958211
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00958225
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00958253
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00958267
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0095827F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$H_prolog3Window
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3728102838-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009587DF
                                                                                                                                                                                                                                              • GetKeyState.USER32(00000012), ref: 0095880D
                                                                                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 0095881E
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000157,00000000,00000000), ref: 00958833
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014F,00000001,00000000), ref: 00958848
                                                                                                                                                                                                                                              • GetNextDlgTabItem.USER32(?,?,00000000), ref: 00958887
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSendState$ItemNextParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1930099164-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 0093E2EE
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 0093E2F9
                                                                                                                                                                                                                                              • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002), ref: 0093E30C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0093E356
                                                                                                                                                                                                                                              • FlushFileBuffers.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0093E370
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0093E386
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentErrorLastProcess$BuffersDuplicateFileFlushHandle
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1021147024-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 009675FF
                                                                                                                                                                                                                                              • CreateRectRgnIndirect.GDI32(00000000), ref: 0096761F
                                                                                                                                                                                                                                                • Part of subcall function 00940E4A: SelectClipRgn.GDI32(?,00000000), ref: 00940E6A
                                                                                                                                                                                                                                                • Part of subcall function 00940E4A: SelectClipRgn.GDI32(?,00000000), ref: 00940E80
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0096763F
                                                                                                                                                                                                                                              • DrawThemeParentBackground.UXTHEME(?,00000000,00000000,00000000,?,?,00000018,00954747,?,?,?), ref: 00967660
                                                                                                                                                                                                                                              • MapWindowPoints.USER32(?,?,00000000,00000001), ref: 00967694
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000014,00000000,00000000), ref: 009676C0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClipParentSelect$BackgroundCreateDrawH_prolog3IndirectMessagePointsRectSendThemeWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 935984306-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • PatBlt.GDI32(00000000,00000000,?,-00000002,00FF0062,00000000), ref: 0096A9C8
                                                                                                                                                                                                                                              • SetBkColor.GDI32(?), ref: 0096A9EE
                                                                                                                                                                                                                                              • BitBlt.GDI32(00000000,00000000,?,00000000,?,00000000,00CC0020,?,0096B375), ref: 0096AA16
                                                                                                                                                                                                                                              • SetBkColor.GDI32(?), ref: 0096AA30
                                                                                                                                                                                                                                              • BitBlt.GDI32(00000000,00000000,?,00000000,?,00000000,00EE0086,?,0096B375), ref: 0096AA58
                                                                                                                                                                                                                                              • BitBlt.GDI32(00000000,00000001,00000001,?,00000001,00000000,00000000,00000000,008800C6), ref: 0096AA80
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2811717613-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(?,?), ref: 0093E3A8
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0093E3B6
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0093E3D3
                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,?,00000001,00000000,?,?,?,00000000,00000000), ref: 0093E3FB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 0093E409
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 0093E426
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$File$PointerSize
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1570593808-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFocus.USER32 ref: 0093D389
                                                                                                                                                                                                                                                • Part of subcall function 0093D6E5: GetWindowLongW.USER32(?,000000F0), ref: 0093D700
                                                                                                                                                                                                                                                • Part of subcall function 0093D6E5: GetClassNameW.USER32(?,?,0000000A), ref: 0093D715
                                                                                                                                                                                                                                                • Part of subcall function 0093D6E5: CompareStringW.KERNEL32(0000007F,00000001,?,000000FF,combobox,000000FF), ref: 0093D72C
                                                                                                                                                                                                                                              • GetParent.USER32(00000000), ref: 0093D3AA
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0093D3C9
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0093D3D7
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0093D3DF
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000014F,00000000,00000000), ref: 0093D3F3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$LongParent$ClassCompareDesktopFocusMessageNameSendString
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1233893325-0
                                                                                                                                                                                                                                              • Opcode ID: e04965fc2d39b4ea55de6e54d6890ad2e46884f56ec3988a900a4fba966c64c4
                                                                                                                                                                                                                                              • Instruction ID: fd4ba34ff0b042e30c01423c1adc3cc50d5b32c1f11a9f86499595f51107fc49
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e04965fc2d39b4ea55de6e54d6890ad2e46884f56ec3988a900a4fba966c64c4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56F0AF3A30262527D32267A8BD69B7E722DDF81F69F450026F906E61D49F248C028DF2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0093BB3C: __EH_prolog3.LIBCMT ref: 0093BB43
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000433,00000000,?), ref: 00944928
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00944933
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00944947
                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,00000000), ref: 00944970
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LongWindow$H_prolog3MessageSend
                                                                                                                                                                                                                                              • String ID: ,
                                                                                                                                                                                                                                              • API String ID: 4140968126-3772416878
                                                                                                                                                                                                                                              • Opcode ID: 04933c4741f041edf388e1bdd866b9edf3fb6a12ddea9b5febd200b6ea028498
                                                                                                                                                                                                                                              • Instruction ID: c5481ae428ecbd9188ced76bfe6e86f61f20bd5774eb2036546ab1ed5f46feb2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04933c4741f041edf388e1bdd866b9edf3fb6a12ddea9b5febd200b6ea028498
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75719F35B00615AFCB15EFA4C885F6DBBA9FF88710B04416AE9059B3A2DF70ED01CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3
                                                                                                                                                                                                                                              • String ID: Invalid DateTime
                                                                                                                                                                                                                                              • API String ID: 431132790-2190634649
                                                                                                                                                                                                                                              • Opcode ID: 2befd1164f62371239930efdc2a358cd7ff11629f4ae9bd1f25b214a197c6b61
                                                                                                                                                                                                                                              • Instruction ID: 79493abf71cb7a63128495c6bd6dfa046c579e83d2e9f4363244fdc5cde514de
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2befd1164f62371239930efdc2a358cd7ff11629f4ae9bd1f25b214a197c6b61
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC418271A04109ABDF14EFE4CC56BBEB775AF80324F204509F5A56B2D2CB309A41CFA6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: Edit
                                                                                                                                                                                                                                              • API String ID: 0-554135844
                                                                                                                                                                                                                                              • Opcode ID: 23e492f97cfe29fa21f0ad40331ad2633f49aae1e39585a8d236e57fc60c0fab
                                                                                                                                                                                                                                              • Instruction ID: c804700c51d09b7492ccc11f80dea6d2adda821d234fb202d6247d2a505b69f5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23e492f97cfe29fa21f0ad40331ad2633f49aae1e39585a8d236e57fc60c0fab
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C211A138302201EBEB216F65EC09F7676ACAF45758F144539B542E24F1DB71E802DAA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,?,?,00000000,00000000,?,?,0093DFA6,113E2069), ref: 0093E259
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 0093E269
                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,?,113E2069,0093DFA6,?,?,00000000,?,00000000,?,?,00000000,00000000,?,?,0093DFA6), ref: 0093E2B2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressCreateFileHandleModuleProc
                                                                                                                                                                                                                                              • String ID: CreateFileTransactedW$kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 2580138172-2053874626
                                                                                                                                                                                                                                              • Opcode ID: 7f300b044c1a099116f3fb014894ffc2a89d056f25d482d934e27160bb1c3189
                                                                                                                                                                                                                                              • Instruction ID: bd18e6750a343130ef03fd1d8119b4467e0822b1d289eb09647213cf5a5be052
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f300b044c1a099116f3fb014894ffc2a89d056f25d482d934e27160bb1c3189
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC01E97620050AFFCF129F94DC44CAB7FAEFB587A1B158529FA25511A0CB36C861AF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceW.KERNEL32(00000000,?,PNG,?,?,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C636
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C644
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C64F
                                                                                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,00AA5F10,?,0096D4BB,?,00000000,?), ref: 0096C65D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                              • String ID: PNG
                                                                                                                                                                                                                                              • API String ID: 3473537107-364855578
                                                                                                                                                                                                                                              • Opcode ID: e22c4cc0b8334cfc25ec748c4d960c7ae762ec5756f52a321fcf6ed916663eb2
                                                                                                                                                                                                                                              • Instruction ID: 23d6954ad4aba5a2e266c3697f29590b9e570bb497ff389e48e0109aea520dc3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e22c4cc0b8334cfc25ec748c4d960c7ae762ec5756f52a321fcf6ed916663eb2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23F0F6B66006127B87019BE5DC08E7FB7ACEE86BA0300901AF841A7210DF70DD0187BA
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C414
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0094299F
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009429AF
                                                                                                                                                                                                                                                • Part of subcall function 00942979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 009429B8
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DwmDefWindowProc), ref: 0094C3FD
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C406
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                              • String ID: DwmDefWindowProc$dwmapi.dll
                                                                                                                                                                                                                                              • API String ID: 1102202064-234806475
                                                                                                                                                                                                                                              • Opcode ID: 2761c1212b4f1634333e70c4c957a57067a8be9a4afe3b25d7d63ebc90fcd130
                                                                                                                                                                                                                                              • Instruction ID: 30fd0849f862ef9945549bbada84f3bbec97cd0fa0a49a64436095dabdc35f5f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2761c1212b4f1634333e70c4c957a57067a8be9a4afe3b25d7d63ebc90fcd130
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CF03075602616AFCF11AFE0AE28DBA3FA9AB457A07404425FE05D2171DB30C8119BA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C534
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0094299F
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009429AF
                                                                                                                                                                                                                                                • Part of subcall function 00942979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 009429B8
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DwmSetIconicLivePreviewBitmap), ref: 0094C51D
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C526
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                              • String ID: DwmSetIconicLivePreviewBitmap$dwmapi.dll
                                                                                                                                                                                                                                              • API String ID: 1102202064-1757063745
                                                                                                                                                                                                                                              • Opcode ID: 17c6984ec89175adeeecacabe51a59efc531924ab2e34e4efb00b2e570680fc0
                                                                                                                                                                                                                                              • Instruction ID: d1a535af4c6f2b2c68e912f54d56ab549f5e6b286af4b148b9a3e2e9a06e3bf6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17c6984ec89175adeeecacabe51a59efc531924ab2e34e4efb00b2e570680fc0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20F09A76646616AFCF11ABE4AD08D6E3FA8AB067603000415FE05D6260CB30E9128BA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C5FB
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0094299F
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009429AF
                                                                                                                                                                                                                                                • Part of subcall function 00942979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 009429B8
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DwmSetWindowAttribute), ref: 0094C5E4
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C5ED
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                              • String ID: DwmSetWindowAttribute$dwmapi.dll
                                                                                                                                                                                                                                              • API String ID: 1102202064-3105884578
                                                                                                                                                                                                                                              • Opcode ID: c63514046271996e9b500d0815d71c3f1941bc691d13d5cc145577b11f481a58
                                                                                                                                                                                                                                              • Instruction ID: ce199fe1bad1a1e2089982558e12a511d2d98b14529e5ad2be0fb9b49e13c4b3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c63514046271996e9b500d0815d71c3f1941bc691d13d5cc145577b11f481a58
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EF0B471602617AFCF11AFE4EC08C6E3BA8BB057A17015429FD05E6260CF31CC11CAA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C4D5
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0094299F
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009429AF
                                                                                                                                                                                                                                                • Part of subcall function 00942979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 009429B8
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DwmIsCompositionEnabled), ref: 0094C4BE
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C4C7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                              • String ID: DwmIsCompositionEnabled$dwmapi.dll
                                                                                                                                                                                                                                              • API String ID: 1102202064-1198327662
                                                                                                                                                                                                                                              • Opcode ID: d0191cba5194b23be3a42047813b68953d8c8c63cfcae580d406c047c9799255
                                                                                                                                                                                                                                              • Instruction ID: 738c308f5f5273a2d7c189478dc93f77f9920ac473bed69242de9360f4362cb9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0191cba5194b23be3a42047813b68953d8c8c63cfcae580d406c047c9799255
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6F08275792712AFCB41ABF4EE19F7937ACAB467A17008416FE05E7260DF24DC018BA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C599
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0094299F
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009429AF
                                                                                                                                                                                                                                                • Part of subcall function 00942979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 009429B8
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DwmSetIconicThumbnail), ref: 0094C582
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C58B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                              • String ID: DwmSetIconicThumbnail$dwmapi.dll
                                                                                                                                                                                                                                              • API String ID: 1102202064-2331651847
                                                                                                                                                                                                                                              • Opcode ID: 8ee219acf5ac44d4c7a32c4fa422ba9df61c6b40515b6f8df554e970f31ee2b9
                                                                                                                                                                                                                                              • Instruction ID: 8d9a19a0865b7edc39279f35edef0a5f6e7ad1c8e166400a3895e3454e57a653
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ee219acf5ac44d4c7a32c4fa422ba9df61c6b40515b6f8df554e970f31ee2b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85F0E275646712EFCF11ABE0AD08CAE3FADAF197613000426FD06DA260EB30DC018AA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 0094C479
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0094299F
                                                                                                                                                                                                                                                • Part of subcall function 00942979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009429AF
                                                                                                                                                                                                                                                • Part of subcall function 00942979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 009429B8
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DwmInvalidateIconicBitmaps), ref: 0094C462
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000), ref: 0094C46B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                              • String ID: DwmInvalidateIconicBitmaps$dwmapi.dll
                                                                                                                                                                                                                                              • API String ID: 1102202064-1901905683
                                                                                                                                                                                                                                              • Opcode ID: 7c90d64c02fc7423463d1dcbc2c575b181cf8986e8edea42724bfd806ffd108f
                                                                                                                                                                                                                                              • Instruction ID: 426949cb972f2912c2145f823848d9ad31a24554450f4b2ac9cf04428da6f64b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c90d64c02fc7423463d1dcbc2c575b181cf8986e8edea42724bfd806ffd108f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84F0A775B42722BFDB11A7F5AE18D793A9C5B457613004516FD05E7270DF34CC0246B4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000000,00000002), ref: 0095C55C
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,00000001,00000002), ref: 0095C591
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0095C5B7
                                                                                                                                                                                                                                              • GetCapture.USER32 ref: 0095C646
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 0095C650
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CaptureMessageSend$RedrawReleaseWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2167886739-0
                                                                                                                                                                                                                                              • Opcode ID: c24e2029bc17bb3718580fbd6f6e09b9b04416a93bcd506bf4a0a49bbeea0431
                                                                                                                                                                                                                                              • Instruction ID: 53c29049585e396c32be3acb90c3442d2a0d474bb30fc6b0a2f4e02255c1b159
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c24e2029bc17bb3718580fbd6f6e09b9b04416a93bcd506bf4a0a49bbeea0431
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C418A757012159FCB09DF65EC88BAD7BA9EF48761F18106AEC0A97391CF74AD02CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 009985EF
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000439,00000000,?), ref: 00998634
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000410,00000000,?), ref: 00998678
                                                                                                                                                                                                                                              • ScreenToClient.USER32(00000000,?), ref: 009986A0
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000407,00000000,?), ref: 009986C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$ClientScreenWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4074774880-0
                                                                                                                                                                                                                                              • Opcode ID: 548987bc18512aa2fd9e8076619a2f4526c898da23457be200fc7d8609018aca
                                                                                                                                                                                                                                              • Instruction ID: 97ff4f235fabf4d25a9f9469f41832eb0d15e99a3bfdd27407183d7a4060f4db
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 548987bc18512aa2fd9e8076619a2f4526c898da23457be200fc7d8609018aca
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51319672A00218ABDF04DFE4DD45ADFBBB9FF49710F10411AFA05A7291DB70AD118BA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00946478
                                                                                                                                                                                                                                              • GetTopWindow.USER32(?), ref: 009464A5
                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(00000000), ref: 009464B7
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000087,00000000,00000000), ref: 00946512
                                                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000002), ref: 00946554
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CtrlH_prolog3MessageSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 849854284-0
                                                                                                                                                                                                                                              • Opcode ID: 4857bb474f2354412352603a5aa468d1840e6453051ec949c818b57fd0ccdccf
                                                                                                                                                                                                                                              • Instruction ID: d4b08346c005595817311386624b044ae7c00cafebc8bcf46b51fe5b40473481
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4857bb474f2354412352603a5aa468d1840e6453051ec949c818b57fd0ccdccf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F421B5B2910214ABDF35EB64CD49FBE767AEF92300F100199F905A2196DF308F01CB52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: __EH_prolog3.LIBCMT ref: 0093FC2C
                                                                                                                                                                                                                                                • Part of subcall function 0093FC25: GetDC.USER32(00000000), ref: 0093FC58
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009606C9
                                                                                                                                                                                                                                              • InvertRect.USER32(?,?), ref: 009606D7
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 009606E9
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00960706
                                                                                                                                                                                                                                              • InvertRect.USER32(?,?), ref: 00960756
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$EmptyInvert$ClientH_prolog3
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1656078942-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 0097B772
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0097B789
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0097B79C
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0097B7A5
                                                                                                                                                                                                                                              • MapWindowPoints.USER32(?,?,?,00000002), ref: 0097B7BD
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ParentRect$ClientFillPointsWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3058756167-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 0096B849
                                                                                                                                                                                                                                                • Part of subcall function 0093D451: DeleteObject.GDI32(?), ref: 0093D463
                                                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 0096B85E
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0096B8C4
                                                                                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 0096B8D3
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AF1440), ref: 0096B8EA
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$Delete$Select$CriticalLeaveSection
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3849354926-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00987826
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,00000000), ref: 00987874
                                                                                                                                                                                                                                              • CreateRoundRectRgn.GDI32(00000000,00000000,00000001,?,00000004,00000004), ref: 0098789E
                                                                                                                                                                                                                                              • SetWindowRgn.USER32(00000000,?,00000000), ref: 009878B4
                                                                                                                                                                                                                                              • SetWindowRgn.USER32(00000000,00000000,00000000), ref: 009878CC
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Rect$CreateH_prolog3_Round
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2502471913-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000000,?,00000000), ref: 0097C2D9
                                                                                                                                                                                                                                              • GetThemeColor.UXTHEME(00000000,00000001,00000000,00000EDB,?), ref: 0097C2EC
                                                                                                                                                                                                                                              • GetThemeColor.UXTHEME(00000000,00000001,00000000,00000EDF,?), ref: 0097C301
                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(00000018), ref: 0097C30B
                                                                                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 0097C322
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ColorTheme$BackgroundBrushDrawFillRect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3021913306-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,0000005C,?), ref: 009653C8
                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 009653DF
                                                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 009653F9
                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00965417
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 00965420
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CreateFontIndirectInvalidateObjectRectUpdate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1602852816-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClientCursorRect$Screen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1023402310-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 009579D5
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 009579F3
                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 00957A10
                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00957A20
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 00957A30
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: RectRedrawWindow$CaptureRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1080614547-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3
                                                                                                                                                                                                                                              • String ID: %TsMFCToolBar-%d$%TsMFCToolBar-%d%x$MFCToolBars
                                                                                                                                                                                                                                              • API String ID: 431132790-2016111687
                                                                                                                                                                                                                                              • Opcode ID: 5dcb0fa14ebf842a4f3f54eaad5f6782d5fa715c39dbcb24b3d1c653c6fc58f4
                                                                                                                                                                                                                                              • Instruction ID: d3f8d056bd5173d30b3074f02b9612c508af12844578671b0cc929025aab744f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dcb0fa14ebf842a4f3f54eaad5f6782d5fa715c39dbcb24b3d1c653c6fc58f4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B41C571A00219ABDF10EFA5CC95ABEF779BF84314F140569E916AB382DF709D05CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 009888BE
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000040D,00000000,00000000), ref: 009888E9
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000043A,-00000001,00000030), ref: 00988931
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$H_prolog3_
                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                              • API String ID: 3491702567-4108050209
                                                                                                                                                                                                                                              • Opcode ID: 3f0c861273f793f3558d57eaceab7455d3c756ed96d8b5903dbc2bc21dd4c82b
                                                                                                                                                                                                                                              • Instruction ID: 3e61f0765f8210cc9858bee8e09fdcd807942b134a5e22a17c61acfd4b55aedf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f0c861273f793f3558d57eaceab7455d3c756ed96d8b5903dbc2bc21dd4c82b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9318F75A00219AFDB28EB60CD85FB9B778FF85314F0002A5E159A7290DB706E84DF61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0098473C
                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00984749
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000030,-0000011C,00000000), ref: 009847D1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClientCursorMessageScreenSend
                                                                                                                                                                                                                                              • String ID: ,
                                                                                                                                                                                                                                              • API String ID: 3733300889-3772416878
                                                                                                                                                                                                                                              • Opcode ID: 22f00fb00eab0474426a4e42f62f57077ad8fb9962e37faf029d255ab20ae1a4
                                                                                                                                                                                                                                              • Instruction ID: 4826618dd314c26d7ee27dda98cf791e7f94618054cb78620183e6b014b8f945
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22f00fb00eab0474426a4e42f62f57077ad8fb9962e37faf029d255ab20ae1a4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0316F75A11119EFCB14EBA5EC45BAEBBBCEF09750F104126F905D7261DB30AD118B50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0093D811: LoadLibraryW.KERNEL32(?,00AD8CE0,00000010,0093D581,comctl32.dll), ref: 0093D852
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 0093D595
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,comctl32.dll), ref: 0093D5E1
                                                                                                                                                                                                                                                • Part of subcall function 0093D543: GetLastError.KERNEL32(?,?,00000000), ref: 0093D543
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Library$AddressErrorFreeLastLoadProc
                                                                                                                                                                                                                                              • String ID: DllGetVersion$comctl32.dll
                                                                                                                                                                                                                                              • API String ID: 2540614322-3857068685
                                                                                                                                                                                                                                              • Opcode ID: 1006409c52411ba74009f500507055aa6c68230d4cd52cf3c5c02e9612dbe793
                                                                                                                                                                                                                                              • Instruction ID: c44eaba1fb96132293c3dae0e47337858d1d3689c3e664724b6a29c6745ba40c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1006409c52411ba74009f500507055aa6c68230d4cd52cf3c5c02e9612dbe793
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6311E376A01609ABCB01EFA8DC51BAEBBF5AF84715F104425F901EB381EB34DA018F61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,0093AF91,?,?,00000000,?,?,?,?,?,?,113E2069), ref: 0093B0B0
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 0093B0C0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                              • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                                                                              • API String ID: 1646373207-2994018265
                                                                                                                                                                                                                                              • Opcode ID: 4fc8d7a44a6e71e0aaa31754009fcf03aeada5796f7bff07c2c0016a441d1b10
                                                                                                                                                                                                                                              • Instruction ID: cf483444937f1b8167687136e4234c14b4e08abbcb73457db597c57858e16fc9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fc8d7a44a6e71e0aaa31754009fcf03aeada5796f7bff07c2c0016a441d1b10
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44016232244505FBCF229FD4EC14AEA7BBAFB48361F05442AFB4591160DB72C861EF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0093B122
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 0093B132
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                              • String ID: Advapi32.dll$RegDeleteKeyTransactedW
                                                                                                                                                                                                                                              • API String ID: 1646373207-2168864297
                                                                                                                                                                                                                                              • Opcode ID: 528c26c99fc8fe85eb14b9202c8463f6ca33db576149b0464e3e155c95cfabf6
                                                                                                                                                                                                                                              • Instruction ID: c445e850ad8ba9b5a61c67b52fa7e02fa4a9481f071a51b490e2a8d5ea469443
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 528c26c99fc8fe85eb14b9202c8463f6ca33db576149b0464e3e155c95cfabf6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DF09073308609BFDB109FE4AC94967B7ADFA807A6714843BFA4182120DB318C01DB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0093D700
                                                                                                                                                                                                                                              • GetClassNameW.USER32(?,?,0000000A), ref: 0093D715
                                                                                                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000001,?,000000FF,combobox,000000FF), ref: 0093D72C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClassCompareLongNameStringWindow
                                                                                                                                                                                                                                              • String ID: combobox
                                                                                                                                                                                                                                              • API String ID: 1414938635-2240613097
                                                                                                                                                                                                                                              • Opcode ID: 35c3964c8c52ce7182014e4be101cd9f05fadb9d844a7bb135fbc8f9c3b5d246
                                                                                                                                                                                                                                              • Instruction ID: 80e4dd6c88b6a18bf6c90333dad780bd7a611212c1c2beda7bb5ca97b2b95ebf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35c3964c8c52ce7182014e4be101cd9f05fadb9d844a7bb135fbc8f9c3b5d246
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FF0C231765519BFCB00EBA89C42EAE77A8DF16720F500315F522EE0C1CB20AA028BA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0093B17F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 0093B18F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                              • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                                                                              • API String ID: 1646373207-3913318428
                                                                                                                                                                                                                                              • Opcode ID: 82541290b0600940f83b0522b5ea79252a178cf71e9c3ea2622288154645efeb
                                                                                                                                                                                                                                              • Instruction ID: d1452559de95da902bf525ac5b3cfbefafdeec6440e274a890723ca7760450cf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82541290b0600940f83b0522b5ea79252a178cf71e9c3ea2622288154645efeb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02F0623A344605EBCF129FD5EC18BAA7BAAFF84761F144436FA01811A0DB718851EB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetBkColor.GDI32(?), ref: 0097B2FF
                                                                                                                                                                                                                                              • GetTextColor.GDI32(?), ref: 0097B3AB
                                                                                                                                                                                                                                              • GetBkColor.GDI32(?), ref: 0097B59C
                                                                                                                                                                                                                                              • DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 0097B6A9
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Color$DrawIconText
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2759393849-0
                                                                                                                                                                                                                                              • Opcode ID: ac86411b53e968463b8d71d5b3c931683574dab58da979d5bfdb1f5142f9c0b9
                                                                                                                                                                                                                                              • Instruction ID: 2566694f2052c18926c6d1bb9e7575f5e561b70509f8f51e89809a248c495239
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac86411b53e968463b8d71d5b3c931683574dab58da979d5bfdb1f5142f9c0b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30E14072A00519DFCF04DFA8C985BAEBBB6FF48314F158169E809AB391C774AD45CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 009CE30A
                                                                                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 009CE312
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 009CE37C
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 009CE54F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$Empty$StateWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2684165152-0
                                                                                                                                                                                                                                              • Opcode ID: 145cd54471607a4f9431cda253fb0fb7ad19b672d0717e203bd68dd4a2002116
                                                                                                                                                                                                                                              • Instruction ID: 01269fcaccf9438749ed9d7073de5881dec58177d0449f771aa57faee6cc52dc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 145cd54471607a4f9431cda253fb0fb7ad19b672d0717e203bd68dd4a2002116
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8A14B35A002159FDF15DFA4D895BAEBBB5FF88320F14405AF806A7290DB35AD42CF61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 009B3105
                                                                                                                                                                                                                                                • Part of subcall function 00943758: GetParent.USER32(00000000), ref: 00943784
                                                                                                                                                                                                                                              • CreateAcceleratorTableW.USER32(00000000,?,?), ref: 009B3163
                                                                                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 009B3230
                                                                                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 009B326A
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AcceleratorTable$Destroy$CreateParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2271732900-0
                                                                                                                                                                                                                                              • Opcode ID: 3f11179810660e2fb0784ddc1179078b315cd386b0267f1e61801377d63368e5
                                                                                                                                                                                                                                              • Instruction ID: ad5ad709210ee89113d01d3be9d4d820d493aa918af4e1b4dd432fe4862ec8e7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f11179810660e2fb0784ddc1179078b315cd386b0267f1e61801377d63368e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F712C75A00609EFDF04DFA9D944AAD7BB9BF48324F1480AAE915DB251DB34DE02CF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0096D359
                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000000,00000000,00000000,00002000), ref: 0096D4FC
                                                                                                                                                                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0096D50E
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0096D566
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$DeleteH_prolog3ImageLoad
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 91933946-0
                                                                                                                                                                                                                                              • Opcode ID: 8356b96bbb507a7a2611da1b5c4055bee48305e9f2a946633f686db36d734808
                                                                                                                                                                                                                                              • Instruction ID: a0ff7de50d6907c7231285e69437e79af16abaedb7c7b85076869bf3a2371786
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8356b96bbb507a7a2611da1b5c4055bee48305e9f2a946633f686db36d734808
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C71AC71E01214CBCF19EF64C884BEE7BB5BF89310F14816AEC656B296DB349D45CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$CopyEmptyWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2176940440-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 009555AE
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00955678
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00955681
                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00955690
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object$Delete
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 774837909-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EmptyRect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2270935405-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 0095C6F6
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0095C70B
                                                                                                                                                                                                                                              • IsRectEmpty.USER32(?), ref: 0095C763
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0095C78F
                                                                                                                                                                                                                                                • Part of subcall function 0095C7A6: RedrawWindow.USER32(00000000,?,00000000,00000105), ref: 0095C81A
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: RedrawWindow$EmptyRect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 138230908-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009524E6
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0095252B
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00952574
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000007), ref: 0095258A
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$ClientMetricsParentSystemWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2120119201-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 009B07EB
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009B082C
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,00000000), ref: 009B084A
Memory Dump Source
• Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$ClientEmptyWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 742297903-0
                                                                                                                                                                                                                                              • Opcode ID: 68c22e10b9656756ad388f1e16a78ab3e51d893c86521a47b7f9e2a0c0cf2eea
                                                                                                                                                                                                                                              • Instruction ID: b90ccfbfb128dcedd8c0c139a36ca01117ae1bd68814704694daeb4a8b71b5ae
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68c22e10b9656756ad388f1e16a78ab3e51d893c86521a47b7f9e2a0c0cf2eea
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7310CB5A00615DFCB04DF68C984AAEB7B5FF88310B148569E90AEB351DB35EE01CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(00000000), ref: 0094B2EF
                                                                                                                                                                                                                                              • GetClientRect.USER32(?,00000000), ref: 0094B30F
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0094B32E
                                                                                                                                                                                                                                              • OffsetRect.USER32(00000000,00000000,00000000), ref: 0094B3B0
Memory Dump Source
• Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$ClientEmptyOffsetParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3819956977-0
                                                                                                                                                                                                                                              • Opcode ID: 5a444e96daa91b4ff4585a4e3bf37083441c5dee6880dc10dab5850b6d3d3dd3
                                                                                                                                                                                                                                              • Instruction ID: 30f3b76665b9cc4b2d7596bc42c941eaa2d1de37455359f57283dab0b43d7830
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a444e96daa91b4ff4585a4e3bf37083441c5dee6880dc10dab5850b6d3d3dd3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0319475300602EFD718DF65D895E29F7A8FF84720B14C22EE80A8B291EB60EC01CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EmptyRect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2270935405-0
                                                                                                                                                                                                                                              • Opcode ID: f2deee124094914da6f154a56baaee6797f58b38b0e22ff147d20ec1ae0d3701
                                                                                                                                                                                                                                              • Instruction ID: 65b8b5404ce591815d84bbdd3a8670a07a5bb4392768bb877f279f3bb60414d5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2deee124094914da6f154a56baaee6797f58b38b0e22ff147d20ec1ae0d3701
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3318F71A016559BCF16DFD9C884BEEBBB8EF08B14F10406AE901AB242D771DD41CF92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000585,?,?,00000000,?,0097C83B,00000002,00000000), ref: 0097C58F
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000585,?,00000000,?,0097C83B,00000002,00000000), ref: 0097C5BC
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000185,?,00000000,?,0097C83B,00000002,00000000), ref: 0097C5F9
                                                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000585,?), ref: 009CB33C
Memory Dump Source
• Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
• Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
• Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: RedrawWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2219533335-0
                                                                                                                                                                                                                                              • Opcode ID: bff1eba84a5e8dff645250552eb8bf0609105cca1884bf020e804d269a6ea9a1
                                                                                                                                                                                                                                              • Instruction ID: 1ae3ec669695e821d8577938fc5c87a292279e312b9e80ad0423ad29bfe8d569
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bff1eba84a5e8dff645250552eb8bf0609105cca1884bf020e804d269a6ea9a1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1521A177644B12ABDB315B20DC05B2677A8BF88B20F158119FD897B5E0DB66FD018A90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 00952609
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,00000000), ref: 00952650
                                                                                                                                                                                                                                              • OffsetRect.USER32(00000000,00000000,?), ref: 00952668
                                                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 00952688
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: RectWindow$OffsetParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3516746122-0
                                                                                                                                                                                                                                              • Opcode ID: 9a4b715e0a522c2b2fa0f69ff1dbcd5969238af7501c47ad4b38dc7601ff7746
                                                                                                                                                                                                                                              • Instruction ID: ab8353ec3bfaca81343bf16c71eaf2e99ebb8bf977cfa42aa0104c9287959935
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a4b715e0a522c2b2fa0f69ff1dbcd5969238af7501c47ad4b38dc7601ff7746
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D218E71A0070AAFDF11EBE5DC4AFAEBBB8FF48322F104515F505A61D1DB7499048B61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0098A75D
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,?,?,00000000), ref: 0098A778
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,?), ref: 0098A793
                                                                                                                                                                                                                                              • NotifyWinEvent.USER32(00008006,?,000000FC,?), ref: 0098A804
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$EventNotifyParent
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1322302069-0
                                                                                                                                                                                                                                              • Opcode ID: 49b2356e3336868ffd51d49ca2ebdbbe751774deebe752eed4c0e3dde193704a
                                                                                                                                                                                                                                              • Instruction ID: 84eb53a2ace36d02d8f00dce353cbe83268c81ade761e126318a9cb78216676c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49b2356e3336868ffd51d49ca2ebdbbe751774deebe752eed4c0e3dde193704a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72216372200601EFEB15AFF1DC88EAABB79FB58310F044126F91987261CB716911DFA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • BeginDeferWindowPos.USER32(00000000), ref: 0094B834
                                                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0094B84F
                                                                                                                                                                                                                                              • DeferWindowPos.USER32(00000000,?,00000000,?,?,?,?,00000000), ref: 0094B89F
                                                                                                                                                                                                                                              • EndDeferWindowPos.USER32(00000000), ref: 0094B8AA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Defer$Begin
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2880567340-0
                                                                                                                                                                                                                                              • Opcode ID: b2dd5cb4f19a28755312607ccbf93c80f5c6fc1088271cf26dc6e1d4c6095f81
                                                                                                                                                                                                                                              • Instruction ID: c80ccca4519e4f91105bf93924942d8aee3acedbc5f65adaebf3c7aaaa9f10ff
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2dd5cb4f19a28755312607ccbf93c80f5c6fc1088271cf26dc6e1d4c6095f81
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8121D871A00519AFDB11DFA8CD84AAEBBF9EB48310F14456AE505E3251DB34AA419BA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Rect$CallCursorHookNextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3719484595-0
                                                                                                                                                                                                                                              • Opcode ID: 26b1ff30876e9aa9b1cea271dfcecef988d1ea201d187e086b5713c6bb65a68a
                                                                                                                                                                                                                                              • Instruction ID: 1d684e853596fbcdb084000d79ab443af406d1d533b36586da2e9962242b4235
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26b1ff30876e9aa9b1cea271dfcecef988d1ea201d187e086b5713c6bb65a68a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D21F7BAE0010AEBCF10DFE9DD48AEEBBF8EF58341F00411AE400E6165DB359A06CB54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceW.KERNEL32(00000000,?,00000006,00939E47,?,?,00937462,00000000,00000000,?,00000000,?,00000010,?,0093C132,?), ref: 00937338
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,00000000,?,00937462,00000000,00000000,?,00000000,?,00000010,?,0093C132,?,00000004,0093C10B), ref: 0093734C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3213601633.0000000000930000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214719913.0000000000A9C000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214886088.0000000000AEA000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3214977942.0000000000AEC000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AEF000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215106889.0000000000AF1000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.3215418476.0000000000AF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindLoad
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2619053042-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • UnlockFile.KERNEL32(?,?,?,?,?), ref: 0093E859
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0093E872
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00000000,00000000), ref: 0093E89C
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$ErrorLastUnlockWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1673360954-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 009654E5
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000002D), ref: 009654F9
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00965505
                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000101E,00000000,00000000), ref: 0096551A
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MetricsSystem$ClientMessageRectSend
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2251314529-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTopWindow.USER32(?), ref: 00946068
                                                                                                                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 009460AB
                                                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000002), ref: 009460CD
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2353593579-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 0094358C
                                                                                                                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 00943599
                                                                                                                                                                                                                                                • Part of subcall function 00943582: GetWindow.USER32(00000000,00000002), ref: 009435E8
                                                                                                                                                                                                                                              • GetTopWindow.USER32(?), ref: 009435CD
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 369458955-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0093D232
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0093D245
                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0093D25F
                                                                                                                                                                                                                                              • SetFocus.USER32(?,00000000,?,00000000,00943BEA), ref: 0093D278
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Parent$Focus
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 384096180-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0093D34E: ShowWindow.USER32(?,?), ref: 0093D35F
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 00A51884
                                                                                                                                                                                                                                              • UpdateWindow.USER32(?), ref: 00A51897
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 00A518A4
                                                                                                                                                                                                                                              • SetRectEmpty.USER32(?), ref: 00A518B1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$EmptyRectUpdate$Show
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1262231214-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSysColor.USER32(00000014), ref: 009674EE
                                                                                                                                                                                                                                              • CreateDIBitmap.GDI32(00951EA6,00000028,00000004,?,00000028,00000000), ref: 0096753E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BitmapColorCreate
                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                              • API String ID: 2048008349-3887548279
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00A0A1DF
                                                                                                                                                                                                                                              • RegisterClipboardFormatW.USER32(00000010), ref: 00A0A229
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClipboardFormatH_prolog3Register
                                                                                                                                                                                                                                              • String ID: ToolbarButton%p
                                                                                                                                                                                                                                              • API String ID: 1070914459-899657487
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CopyInfoMonitorRect
                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                              • API String ID: 2119610155-3887548279
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 00959806
                                                                                                                                                                                                                                                • Part of subcall function 0095A099: __EH_prolog3.LIBCMT ref: 0095A0A0
                                                                                                                                                                                                                                                • Part of subcall function 0095A099: SendMessageW.USER32(?,000000B0,?,?), ref: 0095A0E3
                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,0000002E,?), ref: 0095984A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessageSend$H_prolog3State
                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                              • API String ID: 1947833932-248832578
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00AEF478,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6CD
                                                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6E3
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AEF478,?,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6F1
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C6FE
                                                                                                                                                                                                                                                • Part of subcall function 0093C678: InitializeCriticalSection.KERNEL32(00AEF478,0093C6B6,00000010,?,0093BAFA,00000010,00000008,0093AD73,0093ADB0,00939031,0093924E,0093616E,?), ref: 0093C690
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.3213783396.0000000000931000.00000020.00000001.01000000.00000015.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_930000_fast!.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 713024617-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%